last executing test programs:

1m18.894508627s ago: executing program 2 (id=330):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a, &(0x7f0000000000)=[{0x0, 0xfffffffffffffed7}], 0x1}, 0x24000000)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f0000000040)={'wlan0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})

1m18.723560964s ago: executing program 2 (id=331):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/arp\x00')
read$FUSE(r0, &(0x7f00000095c0)={0x2020}, 0x2020)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000004540)=""/4105, 0x1009}], 0x1, 0x8001, 0x8)
read(r0, &(0x7f0000000040)=""/12, 0xc)

1m18.647576691s ago: executing program 2 (id=332):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/mdstat\x00', 0x0, 0x0)
read$hiddev(r0, &(0x7f0000001340)=""/4092, 0xffc)
preadv(r0, &(0x7f0000001300)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x10000, 0x0)
read$msr(r0, &(0x7f0000000180)=""/92, 0x5c)

1m18.411243215s ago: executing program 2 (id=334):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x104)

1m18.227359243s ago: executing program 2 (id=336):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xfffffffa, 0xffffffff, 0xfffffb36, 0x4}, 0x5, 0x0, 0xffffffbf, 0x0, 0x0, 0x3, 0x1a, 0x8, 0x8, 0xe41, {0x171d2514, 0x100, 0xb41, 0x8, 0x22, 0xfff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004001}, 0x44080)

1m17.815387183s ago: executing program 2 (id=340):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r0, 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x558410e9)

1m17.435013241s ago: executing program 32 (id=340):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r0, 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x558410e9)

5.423154055s ago: executing program 3 (id=888):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r1, @ANYBLOB="60005e80080006000002000008000700f605000008000900000000000c0001000500000002000000080005"], 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8d0)

5.143715642s ago: executing program 3 (id=891):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
capget(0x0, 0x0)

4.220017724s ago: executing program 1 (id=893):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0)

3.955776259s ago: executing program 3 (id=894):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600})

3.628281322s ago: executing program 1 (id=897):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000180)={0x2, 0x0, [{0x80000000, 0x0, 0x3, 0xfffffffe, 0x6, 0x80000000, 0xffff}, {0x40000000, 0x5, 0x6, 0x6, 0x10, 0x2c, 0x3}]})

3.13410629s ago: executing program 1 (id=902):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0xa, r2, 0x0, r1})

3.03977767s ago: executing program 4 (id=903):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x800000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
lseek(r0, 0x20000000008, 0x0)

2.903345203s ago: executing program 4 (id=905):
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x1)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
set_mempolicy_home_node(&(0x7f0000146000/0x1000)=nil, 0x1000, 0x0, 0x0)

2.824020781s ago: executing program 0 (id=906):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffc}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000400)="b8", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x5}, &(0x7f00000000c0)=0x8)

2.823763651s ago: executing program 1 (id=907):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.675646456s ago: executing program 4 (id=908):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000080)=0x1)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1], 0x40}}, 0x0)

2.670780827s ago: executing program 0 (id=909):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8101, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SPLICE={0x1e, 0x15, 0x0, @fd, 0x2, {}, 0x7ff, 0x55860356c88e0e2d})
io_uring_enter(r0, 0x7f31, 0x7c5b, 0x0, 0x0, 0x0)

2.606595693s ago: executing program 3 (id=910):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x98, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x7, 0x2b0, &(0x7f0000000280)="$eJzs3T9vI0UYB+B3E3vtg8IuqBASK0FBdbpcS+MI5aQIVyAXQAEn7k5CsYV0J0XijzBX0dJQ8gmQkOj4EjQU9Ei0SHRccdKi9e7GTlg72QgnwD1Pk8ns/Gbe3YwTpfD4g5dmR/eyePD481+j309iZxSjeJLEMHai9mWcMvo6AID/sid5Hn/kpTa5JCL62ysLANiilb//Ny4U+GHrJQEAW/b2O+++uT8eH7yVZf24M/vqeFL8Z198La/vP4iPYhr341YM4mlEfqJs38nzfN7JCsN4dTY/nhTJ2fs/VfPv/x6xyO/FIIaLrtP5w/HBXlZayc+LOp6r1h8V+dsxiBca1j8cH9xuyMckjddeWan/Zgzi5w/j45jGvUURy/wXe1n2Rv7Nn5+9V5RX5JP58aS3GLeU717xjwYAAAAAAAAAAAAAAAAAAAAAgP+xm9XZOb1YnN9TdFXn7+w+Lb7pRlYbnj6fp8wn9URnzgea5/Ftfb7OrSzL8mrgMt+JFzvRuZ67BgAAAAAAAAAAAAAAAAAAgH+XR598enR3Or3/8B9p1KcB1G/rv+w8o5Wel6NhzDBOenrLJXeqZTfMHLv1mCRiYxnFjK2K756/+prGjXWp775v++j654/pXqLClo16dx3dTZqfYS/qnn69SX5cHZPGBddK113KW22/tPFS2voFkj6/aMw3jIlkU2Gv/1Y+uaonOXsX6eKpNsa7VaN8LTTtjVb7+e+/KxKndQAAAAAAAAAAAAAAAAAAwFYt3/TbcPHxmtAvh+WH/Mdwy9UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNVYfv5/i8a8Cl9gcBoPH13zLQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAM+CsAAP//yylfnw==")
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="03684a7b99a4fde940f3ec0d105ea2c8267323117153aa4a4f099c3835a607cd5cbd77b83cc33d13bbb6c6bcae59db739af84a4b5d34bffc145f3cc27ed3d4f9d9b3103699a1e1cc4ddfb6c1afd07ddfc18e358cd62649479724ce867fefc0a15041bee9f6084842fb982d5c2cf1488d668b741c64f0a6fd2643e729ac5a56462a6b64d5a0a751fda4fadf63ba0dc2fd14ecbf546918db77095545b41ab170e5d6e8ec8bf9ce9b8d53b832e90c701fe52af7999f8fd509577ead1be27891ada8564167f2c7d2eea1c1c9c65d8e151c58ddee43ec34e74d330ec50cbbb2bb21892c7ca995066e3cbea8a69d94dc6bcef5f3c0ef630e774d092ea58627f3e09c66a9c7d1abcf4f8f8af87f4269df288aca9bbf758275ce9695256e764d185a91a7570fca3aab16c75ecaff6b8dda371c3226d6ec6e55c5c4d8cfc5c33892bacc956a3613bcfa849da1b5e070a7911d7488b3e628d9339718e8b821f1bb5d5c45f0316bb563d0a442801412dfd5a4d61ca657e04d6686f7d5863d57954400aeee8e79be8f3cc4cbb3d4b91269df039c3d3543e500b90a2bdc6eb60cc7afab7b5187d88fbd76e6212ea29e872b73f925287bdc808b4a4f8ec7f8aa08bc90b29e217c3eef69d8deae4141f4f9bd110b7bde9320e7b45f422e9a6111bcaf99c9911e46e219d3bab477926bd5d2e78d4cd0eca133c232b1e863fd7799dbf609f3670b323e5518e8f4bd36e9b3da2c68a28eaec9cac688b4dd0b73adc24a8c7acc264399b7facbc2f43e8e40b6cae9f8e956d1dbfe259f12bae75ad362c354050ffdd6e954f2d7615fafce888bd6f672a81c9fd4318caba765069c0a425e898bf7611b77f0fe61c27d318159dba42f011900246c64557d27b77aef928ab04a147baca37863cf998a2ac30b903c0314449ddb218887c309ec7184c8c733f5d4e7b2d79516e9531c9a5becf8294d6ccd777f285b13160e1c949d3069c6c66c0daa62bac679bc9b69825398d1c290d765e882fa2c8708b20ccec885ab6785dc22696b61c109ff84bc5407932c3e5bf12069a68b8e3333a26d3dd390ef9bc01b86013fbcb5c28a1f4d2b8084f1502fccc4027a124c3629d8f4a8befd14b597cebda5f94f36050a31b95087cbac347788a71a90e87f2187fae600aa42719c05c2859cb30ae0fd58a7bba681f7a6027a00583071def2c9a94456e5d9acb9fd2d11fdea524582489c02377bf7f590948985c769b3822cb6366681d79113c6a6c752f2475caba77b7b2e8f293d7fd9b991f63e254c98dec94f4f3def4fee9cdb56ff3ba7fe6a718cbe9a7f04710e257ea8a49d6605266048fc122d4f3173d4b04b3e282bd3c5198d7fcb72ec38e0b07dd8a541b2807e601e5a0a01f07a281e0e1a261c65977088a54597efd0997c59647aeebb2605a89705eeff3ec780e302e24b23a0cbe4f81367c3f118545f01328d22eb8e802667389143166a9db9477c9b58eb5c76a19b8f8b2692b0d356003f08ae54dfc820d8e357ecbf91fb7e212cbef1262171abaf2f613a5bb59b783cad476fec50d16ca0ac13c08a59a3097e6e3fde700a4b987d10311fc22d4aa210956cd859799f78010e4c0f25b715876aa253df15009490f71be3b0022875161f537c70b14bdb9e2d87a5a11b414a1198533c7de6fc4d22228133bc26b19d9f1e7627b14c72e3c39d3fa2186a42e50a0d1867dc312f94c7209d51475ed4aa80b2ccb0557a40422bf7317de2fdf3296727723a2d23babd5e23f7c3edf4942bb485b95a122e6aba41b8f80f684f84605462448d5a4fd66dfe9bbf80590b9999b4780d4f4f189a20f4400b2975df85b584c8c8f9fa3095f13aede1f52dac98be358b0a0d72bed4df71cd23973e326179580268c4e5d1be4b2ae2e1e2dba913998faa6088af128fc8fd3ae26203a898882b67d86d63f6ee8f8e216337330db6d928facf9d0ca273845ee5b33a0a136aeb48b7c52d3b95fe73efaf06197ec8753ee0349f19db8730917d0f18a2de9602d3b887bc583ff64dfee67e2bdf4d5cc1c341b89acd3dd5176d2c15ec2a77120b8a49591ca438ae36c52845e5dca550e539da9ba2a2eda49be316f3d6d4b7c83666bd4759940347c29dedd273adac722630a940e104316b4806553ded47132be4e31a50600f5a4dd56825b245b7aae853f56f79e0ec31f7b5db945ee3bb92865acb0d8828598e77446ee50ecd8bf5e7ccbd963445a09e3be215709b0b3bff2e9d12e6549924338f236b4ff973682e2e03fbf6b167e3b3a0f8c3f3c1e8d0e21a71937c918cabab50dd74c011a1a5531cfcf88a5df5fa58f17715f7c7b3a64d9dab6f20a596288969191420ed71daccbae7c1ec88bf74811b5e1f4bd306f3d810c4f3600df2903ffdf8db40ac7153fd93327a1065cf2c4590c8ba9f9391eb6aa600cb42aff8793e4721afeb3d470beda45dad9adfc6f4fdb24eafc63792f5015c656ca37cee82b7ee382bda31d786d6e03d4c8611c4ca464e2360ca747815c9eebd38c8fc7d5eea2db96b29d771a96dc5c884029077125bcc31980564555d21ecce5d0388e1bc1e618c7dfb31b02b1a6730db7eda387dd4ceb96f65178bb088e81133e5086f73c458f84139685ef930945a51979faeab539e4964244709dcb8b38f575d3a3ec1328a0df65fb34241db7cb3250b8ae0dbc44670d2b5cc3a1785d8d281c05256ef2beee3b202d8bce053e55ce1fb2bb208e65d488ae24484b00c2e343fc3544ca546406688022db6e29ceca9539ec095a2a2cfc5f516230f75fc961c5de1e8d33222331f57db02cac5f9208029c6114d041bb1cc7f959f77511f5790a564600c018afc253e5ecd5010bd769b45a04296ca09e87fb63bf3d3b51dd8b3f6d4426a03c0944d09dff654c5718ab1fef063caba34029be6811502e8bb785011dd1e34b0c192915adeeb40faad0725a8f9a62acf61b944a271d20567f350cdee22d76e3cc5966ba742d9c43823af19ba74c60da0df0c5f4e7e26af7224147774a1f8ae09f929066e1769ffb3c40ba9fed13d2670b9e865a155426ed5c83648c0ad34e46f5308b455e0835730fe529668b606f3f52b0d04534d0e14bc0ff0f742359550e6980ac9978455adb3de0f292af12a3700453e035a49eafe98fc0d7f26e42a6c41f380448607b7c96291f98fa6bbd7e32c249a49171f8fa81762a490a1ce5c39d66d35c6ed6c0679440c06197c2e24d48e1de81c711164c02820816afb5393d3d6c801c3c062ac46d1494f52c45ca36faf94894eec9d71e1be6c7256f4aee8dc080156b28623c821ef8d1826ebf0a41332620f42589270e142561374c825e828e2bd9ae41fd34959db48319d54ffe7a1b58ae8f7361cbaee8e26e0e7e1b7f125f8cd99788825efd01c38ec987904190a0ad52bc20cd36cc7209f9269ac87b2fa44d2456661d3056d893cf912c69ae6b2b83d0c781a6d6c33df1910867b71257ab74e244e3ebbac07445069418fe2e440a384e16feedf8e3165676e67866430eb6a8a5334620d8c2cda15b0328bb0c50630886353f95241cf4f3b647a4ff812c70e1b074c4befdc70fbfdbf868bcc81652034b5bfa831f1b686724046dcd17ac91ace83711e9ec7465d14c9d508bce93676a58ef7dae37221436865ad34ac2fd691e3b3e12aee6736dbdeec9b1c05fcedf8b9ced547259a1a40471ebe8b4bfda69d2f884da025e2809fb9f159150bbcb331ca3c502012a7fe76b4fc2771976aeb624ad7f2d72c707f5f19d8ded84581ac5afa697ff99d27d88c9588fe769839c9cc9d6786a0f814667527c53b6253b1825bfe17e7d734d96d61da0ae7349d0922774fa9b4baf332a4568e32cafa417ec659c4ad72cd656a1e2c59c8dee38890ed3acd8b4f8657de41f670106c38c38ba1a553f0f589a57c61f5105d70e0c0953459383cb9337ca972cda1d2cd3056eb07f21c1f5b995a04997fecf501bb201c67fd2afe4d44fedea595969b6b3706087b0f59d2ddbb099d60436a94f0ba33282b29f6e914fe92add4b33cf70b680b905cfa2b2ccb00b9967f99806e8d69783fd35a2d7fbb424e9fde2647609aecb0208bc3864bf95f05e50ba12123edaca8de927b338dfcb3cc597947c606c08315061a7fec98c48f480e2febd26fcc8dc12289aeb0adefa2c2be1766a5bc74ef1aab6c2cdbdfbf1810d956bc889c8e614b7b933ff6e336bb208db5b592775fe71c3ebfad5f47e0d074e1c0cb36761481ec677794f23c3698bd35875719f242e3fc939bc3668f9723f31effe189dabdf4ebbed073eab952c88f13059eee22230bc7724d7266b15726a0b0898cdd274e3e56d0a356166b5d16456249e9e92e84e39f61c0ecdf99ec2cd230440c03fd21cf68f27306628d35ea47367775f39d20a07f3959b38d49e3674061fc1018b647047ad39f77027878badd29927c5806f95aebde5f070fed28ed34052550678d3c6b677a3b5a46f76a98264c42206bf62caa95df5437092b68e025ee9ce2ad733b6db3ec97fd33cdc3b2f77ee90dd86d8bd289ae1a437c86f4153ddcff5e846347bfecc1499bb42980e4fa91790faee1b1991dfead5d7c460348631f0469b2b9e8f65207a00985511e0c41f441d9a3154f5a0298c172fd7135d4bf95c11cdf1769db1cc55f392aec309037599327a7c53c10a56d1ace8ad19186a2fc75dfa9d657c114eae99c1c1a6b4a58440718bea82290bd1c2a67048938c381648ea2b2c7110d748c9c8d782f20430b1427b51d7036e55b0997c6f75717db67a82c88d3647ee036b49392f0467d6010b32f9de3e5e79ef082c5bb975d11d2bf76a97f7159c11a7753db8a065d3126ccda9abbebd2c54374e389942c24b27435868fadb45bb060d3c1084b211e2afa8dfaa2d8dab8dc47fe10e6c32afece7c4976176a7c66d704125c0948c238c843b41b0246be1f50f8e07884cfe7ae8885ca06339a339c8d5978b079e0eb78facfa1dc67ca70733dfefc6c868ca149e0661b70e0134870a3107c8c46711fed14f892d6fc66d95306838688f13b19e904416a8d161cc33527878b38ad10b1c08db21457b2075608be7300d39748e4fcebe02b190f3e8ed32a0ef734b11ca43a21f5f809bba795f5aa0ea01050021d0f5213620af5b08fda6421a42b7c82804a20a6ef6d471babf76f46538327f943476d1d109a3f0dc531233d6f93d8dc27f4745735085f92adf63d617b373fba24f289035710e69eb80da12d36e8eaec22620ffaabadfb824bd5fc309a2c74959505856b5b890bba8f22bc571a9d87e93ba3b9aba6dcf26f7076c0c2e271641835ea25fd49d96c69d4fb8bb8731bd2cbc75146aed10d269f9060462339cde8830b535920be3dbf143eace0f1ea9469b95a64fbd7e5057eb880d4422cbf97cfc3f7140251d4923580ca2113f345cf24a66499ceffd2e39dc4fd74cf448638962957b409f0d218c165c13ffe107aa1dd1d9a02092cd46cf2b353dd2d2ca7b8a7ae8eda0ee18bba269bbffed0c7d400497aee4da0896cf6329d76ccea098fbef9075412d1c2a3644cf0f202b884303d204314ae92c56217b2feb5e7c1e15a99fbdd655fb8f6bbc3ab1259bf03b2ee17c5b7e9443695177ec5040eeff3fc36ceafe143393d76a3d735cfe6c9b632e52dbe64dc1265961e8a27ee9f76c0add9e0581e474d7678214f5b64c932903715befc6b766611f1d7e495573b9a3e009cfcb0ffef7ac57c3561badbfa41c119e541180aa2364de61a601699cd1bf3de01d15794b728e1444efd6ffa1e57d95489c8df91fbc057b66dd6d9f3a01b19f36bc99f0b54ed1f9905067dd1608bce47f5ff1981a25184aacd39e331d8ff3dfa7c012d7e667a69249cb4803b23f7eeaab8ed29c69ba3d2a1b88821ffefc5825650c53b6364f38e0a178312f5d29d5375423cceabc8e1c4e51a566ba3f9b176b858c8860440ff8ebdde725640d2dff6b9160bb69f188755b0ff766b410704cda4c33e1ae2c73b5799a00d2f55de73109728b350302b64df2ce3eaf2e0c6561009b60c2701ac493076305e97ed20c3b42f40b2bc7f13bba4ab8181e2085b07930c6f5579205dff696902be824e65ddc774e886e8d261fe74712a31e406b0f7725b4559d7ad0f27a1a870261aa5bb8a720e7c89ba933770d48821416de070df1abcc6eee1147c20bda090d940aeee2bd48c0f3d94675d9b9cf1a62ba50e31a7af0714dd8325d5fb7142e88c4d22ddb8f0278ee6ba88e361524e291b6d000f6523ad4188b021da9ef4a634ed09eb2002b9c726746c9ffc32f261edb448106aa1e2daaed865255fd1d296fedbbb2de3f7c1f15935e52006492b632ad125aa1e000c9d71bdb945792668e16b26122a3fd7cba1a40db8083068c5c48fd2aaa621c87d9f5621bba442fc26839030dbe4e37fda4046d6503bb03e0f928de25d4cd4e2a40ec93c9021dfcbb25f6e2c943cc85eba8123340d6364949581e8c8c2913d59dafe4297672c0b9e7418485f00cbcf672a588904beb3c074bebf339815b91c7c374ceed5a701e1ade8f5d87ca536120116307ac259577a8e12958425317c482d2c7089bf3d83e12318d1526107a050f3c094492de7255b22e18ca2ff261b3ed197f2f8e67b71b1c5a6a04b99158b58e9baad75201aabe13254617d0de0a9073af62491c67fc18d1ccbf7686a85a99b39e9d7d9c85a0777e47c9fd0e10c932c20f13ef287b44b9b706ec818aa0c48a10caac58a9b8355e84bc820698c2501f0c12e1b67df701cfcbe72dc47a2c87d43753ebfdb24cc838507e241d9fcd3d4955a373209ccda903a3ffced05e4232f2cca9bba197fdba8a9357cb1d6da6d9b4095027dc03e17d59ebc2d358e171da0044df102b193c79390ebcb58023b40c621df71e064b0056bfcf1eaee1eca85357cd1ac78feaa54bbbd85596977ba85003ea60d8685f4e3b756e4f81453077396590fa214f672929e81569442023667b798c24e06ee20dbf64cfccb51b2bca4e2a5b0df137bb37ab3e2854dc7e1b879866a72a5809b563596cc9fd3e53abdbccfd5dbc60662252ddc5c290d72230d79b7504b40fdb45ded2f02e926652c1e04ea4c1c488025ad1098adeebe98e385ab1caec4b9eb4d3bbd5ef3ddf1fd0d72784604a989558fd37f6d4fee20609090b3331e254fec98414a2c54589ee01c9429b7cb574b9167efede1d966a227bf2a8e422f38680d77d3c555cf1117e7d7e804ad730c36a78b7846473d6481bd0839bd3e6982ed47246c370a90b76e5b88de202346fb20b8b6b5ecb6a90b8478d17b175a1821df75b48ecc34866fe5c8960bf64d5ff92831bb9357474bec65e0dd1699b0f0340ee5ac5e9e9d3df66edca20201371fc21ad80aacd49c6b0abcfee9c876c15edcfccde823b55b61cb7b254487ef8c8781a22043f4adaf25df34580a6b3904fd014b50c59fa90eff75fa5fd32aaec9aa10df8a2b9b824952e475c964533942bbe30f4167a11fc15d548e0a31f911030569722f0c67e79e90483f6f0bee1c7f80face1a1b0f940c891be688cb16394f6c07fd29b5f248c211d1f76ec1292755d8bd963e191b3a8851472fbbd2cb732f4fd9fef3a8fb29aea097328173fdeaf56fa2279e86fb954306b040c960d0b601b3a741c96cf1f0bd1172f848585cb3b57d7d2e2a84914526f5a6f9895cf5aa4425b4dbf9f59037756a0321bba204a737e36277e86fd268f6047921f4f8fab69dfee137c07874f12f89084e7117e2c9221690a27f880f17d08d56f9dbc96ffef3920b55fb773dde72e1ba35f3e0c9872e339508281426ab04941df4885f7e0293149f1642c2573e2b6594b8fd953ae2468cf917cdaa0692cf461e3628860935def39af78af5e1540147ab1c70c3ab7f7c76abea0d8541feb43e632d7a2cc7bef15a4700304048ecf135968d0a9644ce899aad05b186a2224bab3836248cc6137472203ebceb29b3e87610df12417ee722f309c54b2e65591d8b929440f3ec43ee9ff8f7b7710668e4312610d1591303d5270394da0ab61e4515af5215dc81137f0dc90f951972731f8d98ceb8b4ea38da7d8dc153ccbae5068781eaf9a4a7b11b4319090261b61aa65a8536292eb5392020eb285b2db07f81e7f764d65037050f1e3748593474c6c1dc11cfcb56e1c916157280098a437265e1c682cbfed717e7275bc6c3bb6c6ef7f0f9fdd19ef82ff2c82284c3a061f57b21d3705aff97710108a7d1217a7ea3feda021d20f1fdca94bbef67e0aeaa3db6ccc2d060f7b33707fe19cb2d0232f1239373bb38e666cbbbf3a697c6d0e957ec6730f56034440e789a7a37304d09eb742f21019a77c608cf578162a55d0aea113c051b110b5281ed8b6638d2b31604e965cb019f2f106bc4e96d1313c70612f1ff18afdce7926270dd242c49cc53792f160d1e143e04d7eb3ca40828b153fac466bc53a084281987b47b806a4ef668859eb9035ef68e9c20bd6bb790fdf6f921569b4e97fae5b7edc761b4944c1d6d90f4df40bc3203ed838d4c61cdeb7a9bbb68d59b2cc00125eecaf06b759ac1b9dd68028225d0a60efa499e4436962362727011eef6cc55962dd4ffe2fd3892907e837045883cc9ba8892ab265a31924f3055d4dee68feff05d9f10ebdf1e8c1c1e7001b5b02a7fe26b9c0641e054ae37854187fb1bb6e9fae05b09e85a1e0e14bc801f2d8b9a178a9a72b147e137e0d83192664a88a3aca4fb6a4f0c5787b20c31bc5975dfbc8bcff8987573bd14b1ca434d93452e67ed01c60be99e535bb3f848888d224520b61cfc1de2d6b2ebef9f24674c31aada52784a0b7b60f351653c71d546cf951e6b4a0d917ac6afd0a713f41833f9f74a3a7d3c19b523299666da2b48676ca7aafebadef05b3bbf4b6b62834046f51d3d4582fb4c9de27a3f5e992853368e4f17f9dba27c8c4438307fc7405f53fb27cc81c1521452a1a5edb0cabdf7a73b1cab0675b619fd5a0fadb7147776e74695c042d9d8bfda045bcef7542b42249f34c7590605d0201a762390f2fee5f3cdb488426609c663c9fc4dc2a5277f3f589a14e6dcc202dfcd89bb148a368ff1792d230c19934143d2c260dbdfb334af863b856e415febd22fba01c568d8f48dba6d92f493cd1164a376f006d55db609cc2c9532a9f56da3b06e3db2a05f797eed57892e2fb677541324bcd763cf4669e7a871e322d0cc6e21befe3c767976f058dbe7a059d673c94c7ac5d49178bf19d32907b6fe66a92cc8ea30a858da43f74354390d6e97021da50812c59a78915e5b33221531bfa054c594ce3a2300e5a7d712773181901dfcf6922e980566fa62b1f2b669a27fbecce29e9be6d22058463e350163f33d18ce92a72d1b470857b6a37998aec5672521a8f0d66ab2bd01de516036ec47d1f63b95b437dc6d5a0168189d5a963cb0a80a9a5f20b03515396e3525f0ab13b0c1e5dd051b4c930da6d57ab6f7dd94ab3e689e0355af0b34871296152a76cce170d7b14d471ee4d9daa93de4ed755f30d45344f724288c17e4b22583158f1305ff55fecf7d526e207fa609886e14c9a168bf364b049409f63590f18a5515de8c1fd8c5a9710b6e33d2ecd01466b799f14be787612b8f17df0c05483a16097c0a504880249e28f1e067663c640a550a8c7ad9d090f7b2e902c5c20936869a5f3d3a014817f90babf847b43cf67ec23f120ae4abc63a418d1d99f359fc2c33a5bb34e1f5780576111a88c5ede834bc41e498548ddd128f9e884f4cd3e1bf1aaa1204079ce74e709306f38f2d6859128fc35d3a74c534ff1dccadfc8fe41f1be9510349af8710eb6d2dbc758be12b65622dad1cf48abc2fc409f5ed6a3af8d0b6548643c46dfba9db4e5827475e6e317c9c018a4dd5de391cc9cca85ec527537e26949e5091baca4f0b563d4c3969f15115e5ccdeb9e40788fe12f9d32d9488a70ae53b819726e4483ea6bbcb76f99775ca5e4f93c76edae462c08d596209f985aa55ef5e786701edcee8d831dd6dc0fee9ad01b6bdd63e886a5e55bdc593390c81e18dfd8c685b81306bad6b7a19a86b2bab5cbf4754708422e99f8f2497d798b3db565e709bcbba4c376c1c60b22b994fe8fdcb25215d505511cc1927f6a35344023d5da0a3ac0830e6aa80f5f7f0d94a67c99c6b22717078aecba2a599daa2acc054cda25e3965172e5fef464ec19aa71de5e84b6de30cc673fbab8c441ea37bfb3fc321a504371bc0996702e9be38db762e339ad7ad66dc2caa887e4ab60272d7963f85b14c941d31e545b85c640427302efe7142f0e0897a8c623ce57da213fbc2d1f90677142fd48cafca0b2934e572833ed6473218d0513dd1f6ecc578e5a1109ddae552b3be0cfe7246d7682a59fe9ae783a0f318d1800d5c466c80c5fd3facd0340f455f081068dd2cda5cda744018d902217152b6c05d37c090f8348b0471053152c2a4570fbab3f6dc30c8e49a63b88a00b3aac75180a633692e35ea976821694e133eb8bb4d31237d002fce1dd2ce55528dafcef2f0e00690562d144bb0e19576ce6ab72deac22067d8edac916b1b07e4eb57ff0b885b1b79f37dcf88135eedc17ffd948b61e4df4985033bcf891dd5b1448c8668947a271d93d03ce31216810a6bb45a6c5a12e290d97a60ad4b5c7384cf19421ac1ca64d346b50771e0b50e5caf1d9dfe056e8da247aa502ff04c8e29ca810a1d3ec7a89bc17dba2936f03a80228171f7999b3f2768617970efe57b14011c80666ac4999a568ebef74e2ca14df0ff6f0fcd47c538be96aaca1e65b53b98447101e49672b48167c0afc1afffe669b0f9718bd3305805c292db9738740b362564e4691cbdf061db1ed3f9db1f8bed82939f835d14f46818e3eb4e25f7a8d77d9d0d7913c45d8a81115c1a5e37b1d3bd1b7b5e6afaaefc81d9700bf83506fbf15457bc0f59f7008cc803efdcb6d39e388f6b28e80d47134265cc5438804b12d50e61a489da829dca05792d2ac182ba747331e88a7118f7dd38067f7d38f37be362260effacbc33863bb47aeebbadeae648a1090718266eedd2ed5a2c23f168759198aa92b2ac45c2a68ff212f29260e641a38541b066d39df4e95cd1c8e7e6ffae1b8017e6f629db3910b07496c8a81e4e66ac2321fd9e7ebfecf5bf6e922d7a79fb710a2d42dad1916c9b186c2c50c818fdb1afa19be867d943ee98f732fe3a01364281c0f6d0eb64a278721dc7bff5316256b0f4251abbd9b8ba7c7c12a3bf02a1fbc9ca94b965588fbc82343d07df8e06eaa5ed2137fec129351d80a9048a7d78b31ffaf2e388864a763c4af7aa53000e0bb2eb8ac0e4272cbb79dc6a7d65890f125c523c7cfddacdedbe87938aca915c92c807dab26be7d748827d4e3188676312ef1ac8460b29e8e715f4075e33104ce82e6785aadf17a7cf82d2a705e9f2d0fd25810ba33d76e54b48eda3effc01f37c89db38af81922fadc8c3361fe74ed51eac5e4437108106ffdedb339b406c082d62a8bf718989846d23f966e1ea39103010f767b3a6f0a0a2041b1dafcb787e69ffad75ed2a0081b92a4136ad5ae557c55a4b6219a390103428181ab36f329ad182a92957495c", 0x2000, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)

2.471648816s ago: executing program 0 (id=911):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000180)={0x2, 0x0, [{0x80000000, 0x0, 0x3, 0xfffffffe, 0x6, 0x80000000, 0xffff}, {0x40000000, 0x5, 0x6, 0x6, 0x10, 0x2c, 0x3}]})

2.471401466s ago: executing program 1 (id=912):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000200)='./bus\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e6f646973636172640000008000200000ff5f78617474722c646973636172642c7768696e745f6d6f64653d757365722d626173651a9603642c6e6f696e6c696e48c8b8bd9db81b403801c199ffba3691ebc17570972cb0aab560ecd4a62772a15b05a04f8812838b6d154a85515cf6a313e8043c58707a92ff4e0d69fdd8fd380734190ccaff409ba8953c23b0c6f1c09d49447f1e1d0cedb97bb4daf266dcc2cec17b92cbbe1303abfc278ad789ffe0f34862de20f795a4b968385446d1964503b1815a337e284216bd6809000000000004000000d593d55b7516ceab7cd6f2aebee0e3b4e72511cc77b8aeb6cb60fe02009fbd67bd8d700393ec17bc2e14a4811bdefdda2f5f5ebead17e18e7fa077c6bf2fe6d11ac484b13898ad0c52acbc155d3426"], 0xfd, 0x5504, &(0x7f0000001600)="$eJzs3M1rI2UcB/Anfdnuay3iwdsOLEILm9D0ZdFb1V18wS7Fl4MnTZNpyG6SKU2a1p48eBQP/iei4Mmjf4MHz97Eg+JNUDLP1G5XV8FNm9Z+PjD5zjyZ/OZ5wrLwm5QJwIU1l/z6cynMhishhMkQwvUQ8v1SseXWYjwfQrgZQph4ZCsV438OXAohXA0hzBYFC8O3Pr89uLX605u/fPPdzNS1L77+fgzLBc6IF0IIne24v9eJmTVjPijGa4NWnp2VQZHxjc7D4jiLuZdu5hX2aofn1fJcbsbzs+3d3jC32rX6MJutrXx8uxsv2Bs0D+vkH3hQ28mPG+lmnq1elmfzIM5r/yD+93bQ68c6jaLeR/UQbhytsd+P4+l+Gtez/TDPerdfjMe6WSPdH+agyOJyoZ61G/k8Nv/z13zmvdXq7u4ng3Sn18q6yWql+mKleqdc3ckaaT9dKdc6jTsryXyzPTyt3E9rnbVmljXbaaWedRaS+Wa9Xq5Wk/m76War1k2q1cpyZbG8ulDs3U5eu/9e0m4k88N8pdXd7bfavWQr20niJxaSpcrySwvJrWryzvpGsvH2vXvrG+9+cPf9+y+vv/FqcdJfppXMLy0uLZWri+Wl6sIFWv8nxaRHuH54KqVxTwDg/DnR/n8u1izp/4HHnPf+Pzyp/8/7/sPU//+bc9X/XuT+f2/2RNYPT0X/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYf0w/eXr+c5cPL5WjN8ohp4tjkshhIkQwu9/YzJcOlZzsqgz/YTzpx+bw1oIeYXhNWaK7WoxPtx+e+akvwUAAAD4//rq45ufxW49vsyNe0KcpnjTZuL6hyOqVwohTM/9OKJqE8OX50ZULP/3PRX2R1Qtv4F1eUTF4i23qVFV+wdH990mj8XlR6IUY+IUpgMAAJyy453AaXQhAAAAjMen454A41EKR78JFn/APxOj+EHwyrEjAAAA4BwqjXsCAAAAwInL+/+z8Py/b0ue/wcAAAAnJT7/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537yUkYiOIA/Fqo4L9IjHuv4g6O4RFcujQcwEtwBLyCF+AMuPMIBgxtidZgYtKhGPJ9SVtmQn68EjZvhhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9umtmE9enm6f2+as1u2kuRsAAABgl2Uxn5QvRtX4vJ6/rKeu63EWEXlE7Orde3HSyOzVOcUv7y9+1PAaUSZsPmNQH2cRcVcfH1f7/hYAAADgeC2ms3HVrVen0aELokvVok1+cZ8oL4uIYvSeKC3fnG4ShZW/7348JkorF7CGicKqJbd+qrQ/6TUuw2+XrLrknZYDAAB0otkJdNuFAAAA0KWHQxfAYWSx3crc7gWX/7z/2hA8bYwAAACA/22wazLrvg4AAACgY2X/7/l/AAAAcNyq5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwT8tiPllMZ+O2Oat1O2nuBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE/25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODN7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhfvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5f9+4qTgA4M/2+UILiCOgDEEIJAZY6PVaWroygCIG/gSkKL2WwJUfbQZaVUhZ2FDmLghGhJBAYcv/kDmRsoQtww1BYg6yz06cHxIHIfY1+Xykd+9ry3rv+5woytfPCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJSG74WkjPOgM4rj4tzG7uOFrN880mfWVrZms5bFUb1pPw1erR5EM80lAgAAwMWRlPV9CGE7XZ3L+riT1/9peU1W8//w/Cgu6/mjdX/Zl7V/1n7/befl/Yk6o3myQe8sDvpXj6fSOrtVTrYX/vGKVn7n82cvSf4FiT9cfmmY5vcz+m59/f12Hk7VkS0A8F9cKfsiKH8fyvpek4kBcGG0KoV3Wf8nnWZzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjDcDk8W8ZRCGG2dRBnNncfL5zUr61szZbt5pMnK9UxsyHSEMKdxUH/ao1rmXQPHj76bH4w6N+vP3gthNDc7EXw8RjXhNBkhoLTBnHxvf4/jrwXTcC6zjZo+AcTAADnTlq0rK7fTlfnsnPRdAh7Px6u/9+sxGHM+n/nk5sb1bmq9X+vthVOvu7SvS+7Dx4+envx3vzd/t3+5+9c673bu37rxo1b3fxZSdcTEwAAAE6nXbRq/R9PH9//v1yJw5j1/1ff976pzpWo/090sOnXdCYAAAAX24uv//VndML5qN0OX88vLd3vjT73j6+NPhtI9V+bKlq1/k+mm84KAAAAqMNwOTq0/3+7Eocx9/+f++mVX6pjJiGES8X+/5WFLwa361vORKvjz4mbXiMAAADNulS06v5/mr//H++/8hCHEN56YxQX/wZwrPo/+eDbn6tzVd//v17fEidSPDO6H3k/FUJrpumMAAAAOM+eKVpW7P+Rrs59+uvlj9re/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo298BAAD//4CMP+o=")
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0xfc63, 0xa000003, 0x1003})

2.309399452s ago: executing program 4 (id=913):
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x800802, &(0x7f0000000180)={[{@uid}, {@uid}, {@part={'part', 0x3d, 0x2}}, {@uid}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}]}, 0x21, 0x306, &(0x7f0000000240)="$eJzs3U9v00gYx/HfOEmbdquut+1qpb3sqruV4FJR4IC4BKFcuXNClCaVqlpFtEUCLgTEEfECuPMCuPAOuHAB8QbgxIkX0JvRTOzETmwnbZOmf74fqdFkPON5Btv1PJaKBeDCul3/9u7aD/tjpJJKkm5KnqSqVJb0p/6qPt7Z39oPmo2iHZVcD/tj1O5p+tps7DSzutp+rkfEt9/KmkvWYTzCMLz1fdJBYOLc1Z/Bk6aj69Btr55wXOPSkv6ZdAwnLXmAzYEO9ETzEwwHAHAKRPd/L7pNzLkqI8+TVqLb/rm6/x9MOoDRuh70VYWFHRL3f7e6C409vr+7Td18z6VwdrsXZ4nDBFPp+T6l9pmVWmCaQVmli8Wb2dwqa3XjhRqeXqoWSTRbcp+N9qkbS0Y7Ff1zJEZfzshNC+TPvaI7s+3ZuBVlrzikza2gOW0LGfEvDjHi1GGiHcR8Ml/MPePrrRqd9V85NHYUN5Dfc6S8io3/Sv4ef3O9bCtFaX+tVvNSTf5wg/ydnsqAc6qanZEk9xk/IGh1IiiK0429oPRjhfbs1gb0Wszq5Xe+5fRaSvUqRWfC6sbDoPBRynjEUzRvzF2zrJ/6oHpi/e/Z+FbUvTJ7r+IU41pGZ0Z7Pjknadm19PvuHN3L5d9OBJHpw04Nkg75tOy1HuiG5veePtsuBUFz1xbiQ7S9HtesB4/mdo0rBM3Kq/SmdKFg0/ELJcU1M1GMiTZqdRuH1vMwHHbP4fhiDoLLI92h/f3RqWkp+1jYQ9ip8cY0rwtfqH+WTkEYxy+EoZSzaeS/n3AK7Zn4oLuvZc1MOiKcMLvuMu38z63ko1WdS5Hsh1+wTi9OMpXa41ong0svBRfc52x+Bpe529wMLjHi1Zyc0eVc/12S/k9UGhWO6EdxnhOmrq+6z/N/AAAAAAAAAAAAAAAAAACAs+ZIfzzw8X3RHwL1FSY9RwAAAAAAAAAAAAAAAAAAAAAAzrojvf836/+Id+//9TPf/zsbF0b1/t/i9wIBGNKvAAAA//+VVHHB")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x80001, 0x82)
sendfile(r1, r0, 0x0, 0x3ffff)

2.276560585s ago: executing program 3 (id=914):
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000003c0)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@nossd}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x2, 0x4, {0xffffffffffffffff, @struct={0xfffffffd, 0x4}, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @struct={0x0, 0xce82}, 0x4000, 0x3, [0x0, 0x8, 0x1000000000, 0x0, 0x0, 0x6]}, {0xfffffffffffffffe, @struct={0x1, 0x9}, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x8, 0x58a, @struct={0x6a, 0x9}, 0x3, 0xa, [0x0, 0x1000004, 0x2, 0xfffffffffffffffc, 0x0, 0x1]}, {0x6, @struct={0x4, 0x8}, 0x0, 0x80, 0xe000000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2, 0x78, @usage=0x7fffffffffffffff, 0x3, 0x4, [0x8945, 0x800004, 0x0, 0x3ff, 0xe]}})
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

2.180871525s ago: executing program 0 (id=915):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000240)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})

1.991597923s ago: executing program 4 (id=916):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
readahead(r0, 0x0, 0xfffffffffffffffd)

432.743058ms ago: executing program 1 (id=917):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800060000001001", 0x30}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2000000020008107090f9becdb4cb96b020000", 0x13}], 0x1, 0x0, 0x0, 0x81000000}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="2539000020000365f507f62aa6172f7881"], 0x33fe0)

353.635725ms ago: executing program 3 (id=918):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x87}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x70bd2d, 0x300, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x4e20, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x2}}}, 0xb8}}, 0x0)

215.692848ms ago: executing program 4 (id=919):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600})

208.99242ms ago: executing program 0 (id=920):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r1}}, 0x20)

0s ago: executing program 0 (id=921):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400000101290000090509"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201)
syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201)

kernel console output (not intermixed with test programs):

ead reg index 0x00000014: -32
[  104.612777][ T1187] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  104.624706][ T1187] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  104.647691][ T6057] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.670711][ T1187] smsc75xx: probe of 3-1:0.184 failed with error -32
[  104.695449][ T6057] EXT4-fs warning (device loop0): ext4_empty_dir:3156: inode #11: comm syz.0.55: directory missing '..'
[  104.723547][ T1187] usb 3-1: USB disconnect, device number 3
[  104.761966][ T5802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.895025][ T6066] loop0: detected capacity change from 0 to 128
[  104.945739][ T6066] EXT4-fs (loop0): VFS: Found ext4 filesystem with unknown checksum algorithm.
[  104.956394][ T5801] udevd[5801]: incorrect ext4 checksum on /dev/loop0
[  105.038011][ T5801] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  105.134483][ T6072] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.218922][ T5859] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  106.267748][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.79'.
[  106.411036][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.433135][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.453285][ T5859] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  106.478841][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.499714][ T5859] usb 4-1: config 0 descriptor??
[  106.538143][ T6114] netlink: 'syz.1.80': attribute type 12 has an invalid length.
[  106.769306][ T6108] loop2: detected capacity change from 0 to 32768
[  106.847495][ T6108] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  106.923275][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  107.010705][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  107.033378][ T6130] loop1: detected capacity change from 0 to 1024
[  107.067803][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  107.090348][ T6108] XFS (loop2): Ending clean mount
[  107.107895][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  107.141801][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  107.180325][ T6108] XFS (loop2): Quotacheck needed: Please wait.
[  107.206297][ T5859] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[  107.304099][ T6110] loop0: detected capacity change from 0 to 32768
[  107.314268][ T5859] playstation 0003:054C:0DF2.0001: Invalid byte count transferred, expected 20 got 0
[  107.327293][ T5859] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -22
[  107.336775][ T6108] XFS (loop2): Quotacheck: Done.
[  107.357893][ T5859] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense
[  107.390727][ T5859] playstation 0003:054C:0DF2.0001: Failed to create dualsense.
[  107.414393][ T6110] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.446143][ T5859] playstation: probe of 0003:054C:0DF2.0001 failed with error -22
[  107.463241][ T5797] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  107.526733][ T5859] usb 4-1: USB disconnect, device number 2
[  107.536650][ T6133] fido_id[6133]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:0DF2.0001/report_descriptor': No such device
[  107.653303][ T6110] XFS (loop0): Ending clean mount
[  107.890611][ T5802] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  108.267801][ T6151] loop1: detected capacity change from 0 to 512
[  108.302989][ T6151] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  108.333419][ T6151] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  108.390348][ T6151] EXT4-fs (loop1): 1 truncate cleaned up
[  108.437896][ T6151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.598793][ T5859] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  108.665344][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.814629][ T6167] warning: `syz.3.98' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  108.818834][ T5859] usb 1-1: Using ep0 maxpacket: 8
[  108.854710][ T5859] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xEE, skipping
[  108.880042][ T5859] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  108.918291][ T5859] usb 1-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  108.949956][ T5859] usb 1-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3
[  108.978607][ T5859] usb 1-1: Product: syz
[  108.982896][ T5859] usb 1-1: Manufacturer: syz
[  108.987611][ T5859] usb 1-1: SerialNumber: syz
[  109.019589][ T5859] usb 1-1: config 0 descriptor??
[  109.034088][ T5859] smsusb:smsusb_probe: board id=2, interface number 0
[  109.049393][ T5859] smsusb:smsusb_probe: Device initialized with return code -19
[  109.255268][ T5859] usb 1-1: USB disconnect, device number 4
[  109.393321][ T6183] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  110.188346][   T23] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[  110.211298][ T6211] loop1: detected capacity change from 0 to 512
[  110.278626][   T23] hid-generic 0005:16BF:5505.0002: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  111.007136][ T6230] loop0: detected capacity change from 0 to 512
[  111.082263][ T6230] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.265578][ T6219] loop3: detected capacity change from 0 to 32768
[  111.304005][ T6219] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.120 (6219)
[  111.322663][ T5802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.363816][ T6219] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  111.389098][ T6219] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  111.415806][ T6219] BTRFS info (device loop3): setting nodatacow, compression disabled
[  111.443821][ T6219] BTRFS info (device loop3): max_inline at 0
[  111.459117][ T6219] BTRFS info (device loop3): enabling disk space caching
[  111.476950][ T6219] BTRFS info (device loop3): turning off barriers
[  111.495944][ T6219] BTRFS info (device loop3): turning on flush-on-commit
[  111.518928][ T6219] BTRFS info (device loop3): doing ref verification
[  111.526837][ T6219] BTRFS info (device loop3): force clearing of disk cache
[  111.539066][ T5779] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  111.547129][ T6219] BTRFS info (device loop3): enabling ssd optimizations
[  111.571075][ T6219] BTRFS info (device loop3): max_inline at 4096
[  111.577397][ T6219] BTRFS info (device loop3): disk space caching is enabled
[  111.747499][ T6219] BTRFS info (device loop3): auto enabling async discard
[  111.760917][ T5779] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  111.774857][ T6219] BTRFS info (device loop3): rebuilding free space tree
[  111.782017][ T5779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.801764][ T5779] usb 3-1: config 0 descriptor??
[  111.812386][ T5779] cp210x 3-1:0.0: cp210x converter detected
[  111.821345][ T6219] BTRFS info (device loop3): disabling free space tree
[  111.828314][ T6219] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  111.849407][ T6219] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  111.910509][ T6253] loop0: detected capacity change from 0 to 8192
[  111.931681][ T6253] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  111.968042][ T6253] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  111.979451][ T6253] REISERFS (device loop0): using ordered data mode
[  111.986095][ T6253] reiserfs: using flush barriers
[  111.996330][ T6253] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  112.027159][   T27] audit: type=1800 audit(1760065060.975:2): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.120" name="file1" dev="loop3" ino=260 res=0 errno=0
[  112.069718][ T6253] REISERFS (device loop0): checking transaction log (loop0)
[  112.098204][ T6253] REISERFS (device loop0): Using r5 hash to sort names
[  112.143589][ T6253] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  112.255559][ T5779] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -121
[  112.270223][ T5795] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  112.557939][ T6268] loop1: detected capacity change from 0 to 128
[  112.670717][ T5779] cp210x 3-1:0.0: failed to get vendor val 0x370c size 15: -71
[  112.701799][ T5779] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  112.750692][ T5779] usb 3-1: cp210x converter now attached to ttyUSB0
[  112.793413][ T6268] syz.1.136: attempt to access beyond end of device
[  112.793413][ T6268] loop1: rw=2049, sector=154, nr_sectors = 96 limit=128
[  112.814046][ T5779] usb 3-1: USB disconnect, device number 4
[  112.834591][ T6268] syz.1.136: attempt to access beyond end of device
[  112.834591][ T6268] loop1: rw=2049, sector=138, nr_sectors = 16 limit=128
[  112.861465][ T5779] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  112.881633][ T5779] cp210x 3-1:0.0: device disconnected
[  112.938956][ T5877] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  113.131578][ T5877] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.145334][ T5877] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  113.158998][ T5877] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  113.168422][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.189446][ T5877] usb 1-1: config 0 descriptor??
[  113.207428][ T5877] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  113.227254][ T5877] dvb-usb: bulk message failed: -22 (3/0)
[  113.275076][ T5877] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  113.308125][ T5877] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  113.338120][ T5877] usb 1-1: media controller created
[  113.351228][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  113.404485][ T5877] dvb-usb: bulk message failed: -22 (6/0)
[  113.425363][ T5877] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  113.455203][ T5877] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7
[  113.508604][ T5877] dvb-usb: schedule remote query interval to 150 msecs.
[  113.515741][ T5877] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  113.670785][ T1187] dvb-usb: bulk message failed: -22 (1/0)
[  113.681013][ T1187] dvb-usb: error while querying for an remote control event.
[  113.837170][ T1187] usb 1-1: USB disconnect, device number 5
[  113.879114][ T5877] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  113.903158][ T1187] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  114.074878][ T6292] loop3: detected capacity change from 0 to 4096
[  114.086776][ T6292] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  114.125056][ T6292] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  114.128182][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  114.158898][ T6292] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[  114.158916][ T5877] usb 2-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00
[  114.185340][ T6292] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  114.198762][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.214473][ T6292] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  114.227792][ T5877] usb 2-1: config 0 descriptor??
[  114.234231][ T6285] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  114.290139][ T6292] ntfs: volume version 3.1.
[  114.337798][ T6292] ntfs: (device loop3): ntfs_nlstoucs(): Name is too long (maximum length for a name on NTFS is 255 Unicode characters.
[  114.596145][ T6290] loop2: detected capacity change from 0 to 32768
[  114.655657][ T6290] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  114.709641][ T5877] belkin 0003:050D:3201.0003: item fetching failed at offset 0/3
[  114.728307][ T5877] belkin 0003:050D:3201.0003: parse failed
[  114.734575][ T5877] belkin: probe of 0003:050D:3201.0003 failed with error -22
[  114.906168][    T9] usb 2-1: USB disconnect, device number 4
[  115.005618][ T6290] XFS (loop2): Ending clean mount
[  115.038046][ T6290] XFS (loop2): Quotacheck needed: Please wait.
[  115.148460][ T6290] XFS (loop2): Quotacheck: Done.
[  115.166762][ T6311] Bluetooth: MGMT ver 1.22
[  115.381670][ T5797] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.796759][ T6320] loop3: detected capacity change from 0 to 4096
[  115.819895][ T6320] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  115.876538][ T6320] ntfs: (device loop3): read_ntfs_boot_sector(): Primary boot sector is invalid.
[  115.887397][ T6320] ntfs: (device loop3): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  115.934847][ T6320] ntfs: volume version 3.1.
[  116.009100][ T3062] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.072342][ T6326] loop1: detected capacity change from 0 to 8192
[  116.109990][ T6326] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  116.123931][ T6326] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  116.135401][ T6326] REISERFS (device loop1): using ordered data mode
[  116.142062][ T6326] reiserfs: using flush barriers
[  116.150881][ T6326] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  116.203382][ T6326] REISERFS (device loop1): checking transaction log (loop1)
[  116.213089][ T3062] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  116.222369][ T3062] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  116.232902][ T3062] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  116.242168][ T3062] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  116.253506][ T3062] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  116.268251][ T3062] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  116.278115][ T3062] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  116.291108][ T6326] REISERFS (device loop1): Using r5 hash to sort names
[  116.308513][ T3062] usb 1-1: Product: syz
[  116.313161][ T6326] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  116.322642][ T3062] usb 1-1: Manufacturer: syz
[  116.339037][ T3062] cdc_wdm 1-1:1.0: skipping garbage
[  116.354450][ T3062] cdc_wdm 1-1:1.0: skipping garbage
[  116.392746][ T6333] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  116.410274][ T3062] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  116.439882][ T6334] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  116.447537][ T3062] cdc_wdm 1-1:1.0: Unknown control protocol
[  116.596167][ T3062] usb 1-1: USB disconnect, device number 6
[  116.832385][ T6340] kvm: user requested TSC rate below hardware speed
[  117.388371][ T6360] netlink: 864 bytes leftover after parsing attributes in process `syz.2.171'.
[  117.681061][ T6366] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  117.696974][ T6368] loop1: detected capacity change from 0 to 256
[  117.703546][ T6366] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  117.767907][ T6366] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  117.776480][ T6368] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d)
[  117.906295][ T6349] loop3: detected capacity change from 0 to 32768
[  117.922054][ T6349] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.166 (6349)
[  117.975016][ T6349] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  117.994630][ T6349] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  118.004091][ T6349] BTRFS info (device loop3): enabling auto defrag
[  118.015604][ T6349] BTRFS info (device loop3): max_inline at 0
[  118.024207][ T6349] BTRFS info (device loop3): force clearing of disk cache
[  118.036842][ T6349] BTRFS info (device loop3): turning on sync discard
[  118.068612][ T6349] BTRFS info (device loop3): using free space tree
[  118.151266][ T6349] BTRFS info (device loop3): enabling ssd optimizations
[  118.175446][ T6392] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  118.205539][ T6349] BTRFS info (device loop3): rebuilding free space tree
[  118.275070][ T6393] loop2: detected capacity change from 0 to 2048
[  118.331579][ T6393] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.399360][ T5795] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  118.477960][ T6395] input: syz1 as /devices/virtual/input/input8
[  118.707026][ T5881] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop3 scanned by udevd (5881)
[  119.042735][ T6412] loop2: detected capacity change from 0 to 128
[  119.167904][   T27] kauditd_printk_skb: 17 callbacks suppressed
[  119.167920][   T27] audit: type=1800 audit(1760065068.125:3): pid=6412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.186" name="file2" dev="loop2" ino=1048598 res=0 errno=0
[  119.170557][ T6412] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.208833][ T6412] FAT-fs (loop2): Filesystem has been set read-only
[  119.238801][ T6412] syz.2.186: attempt to access beyond end of device
[  119.238801][ T6412] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  119.272497][ T6412] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.285637][ T6414] tipc: Started in network mode
[  119.296844][ T6414] tipc: Node identity 74725f6c656e3a2, cluster identity 4711
[  119.304615][ T6412] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.314741][ T6414] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  119.326674][ T6411] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.343453][ T6411] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.352891][ T6411] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.395616][ T6412] syz.2.186: attempt to access beyond end of device
[  119.395616][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.447863][ T6412] syz.2.186: attempt to access beyond end of device
[  119.447863][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.470034][ T6411] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.492588][ T6412] syz.2.186: attempt to access beyond end of device
[  119.492588][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.533619][ T6420] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.556665][ T6412] syz.2.186: attempt to access beyond end of device
[  119.556665][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.575929][ T6420] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.599257][ T6412] syz.2.186: attempt to access beyond end of device
[  119.599257][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.612812][ T6420] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.642617][ T6420] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  119.655437][ T6412] syz.2.186: attempt to access beyond end of device
[  119.655437][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.674354][ T6412] syz.2.186: attempt to access beyond end of device
[  119.674354][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.698280][ T6412] syz.2.186: attempt to access beyond end of device
[  119.698280][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.732507][ T6412] syz.2.186: attempt to access beyond end of device
[  119.732507][ T6412] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  119.869271][ T6429] loop1: detected capacity change from 0 to 64
[  119.898900][ T6429] hfs: unable to locate alternate MDB
[  119.922021][ T6429] hfs: continuing without an alternate MDB
[  120.444194][ T6449] capability: warning: `syz.0.199' uses deprecated v2 capabilities in a way that may be insecure
[  120.585151][ T6453] netlink: 20 bytes leftover after parsing attributes in process `syz.0.201'.
[  120.598160][ T6455] program syz.1.202 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  120.782755][ T6459] loop1: detected capacity change from 0 to 4096
[  120.810064][ T6459] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  120.824538][ T6459] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  120.842198][ T6459] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  120.859474][ T6459] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  120.875132][ T6459] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  120.904544][ T6459] ntfs: volume version 3.1.
[  120.921526][ T6459] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  120.941916][ T6459] ntfs: (device loop1): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  120.975443][ T6461] loop0: detected capacity change from 0 to 8192
[  120.982940][ T6459] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  121.012131][ T6459] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  121.046805][ T6461] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  121.467633][ T6469] loop3: detected capacity change from 0 to 128
[  121.571917][ T6469] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  121.620851][ T6469] hpfs: filesystem error: improperly stopped
[  121.650287][ T6469] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  121.675227][ T6469] hpfs: You really don't want any checks? You are crazy...
[  121.693056][ T6475] loop2: detected capacity change from 0 to 128
[  121.702263][ T6469] hpfs: hpfs_map_sector(): read error
[  121.707698][ T6469] hpfs: code page support is disabled
[  121.717326][ T6469] hpfs: hpfs_map_4sectors(): unaligned read
[  121.734437][ T6469] hpfs: hpfs_map_4sectors(): unaligned read
[  121.769832][ T6469] hpfs: filesystem error: unable to find root dir
[  122.841729][ T6503] loop2: detected capacity change from 0 to 64
[  122.882780][ T6503] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  123.397245][ T6518] loop0: detected capacity change from 0 to 1764
[  123.501298][   T23] kernel write not supported for file /input/mouse0 (pid: 23 comm: kworker/1:0)
[  123.892174][ T6530] loop7: detected capacity change from 0 to 7
[  123.905593][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  123.915235][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  123.949513][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  123.958805][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  123.988859][ T5877] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  124.004009][ T6530] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  124.033719][ T6530] Buffer I/O error on dev loop7, logical block 0, async page read
[  124.047235][ T6530] ldm_validate_partition_table(): Disk read failed.
[  124.056342][ T6530] Dev loop7: unable to read RDB block 0
[  124.067364][ T6530]  loop7: unable to read partition table
[  124.075151][ T6530] loop7: partition table beyond EOD, truncated
[  124.091661][ T6530] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  124.180944][ T5877] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  124.228754][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.261961][ T5877] usb 3-1: config 0 descriptor??
[  124.281939][ T5877] cp210x 3-1:0.0: cp210x converter detected
[  124.327162][ T6523] loop1: detected capacity change from 0 to 32768
[  124.409131][ T6523] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.688001][ T6523] XFS (loop1): Ending clean mount
[  124.701427][ T5877] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  124.745650][ T5877] usb 3-1: cp210x converter now attached to ttyUSB0
[  124.753426][ T6523] XFS (loop1): Quotacheck needed: Please wait.
[  124.762288][ T6547] loop3: detected capacity change from 0 to 2048
[  124.818263][ T6547] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  124.836850][ T6535] loop0: detected capacity change from 0 to 32768
[  124.882084][ T6535] XFS: noikeep mount option is deprecated.
[  124.897323][ T6523] XFS (loop1): Quotacheck: Done.
[  124.910607][   T27] kauditd_printk_skb: 8 callbacks suppressed
[  124.910623][   T27] audit: type=1800 audit(1760065073.865:5): pid=6547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.240" name="file1" dev="loop3" ino=1346 res=0 errno=0
[  124.944635][    T9] usb 3-1: USB disconnect, device number 5
[  124.979568][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  125.033330][    T9] cp210x 3-1:0.0: device disconnected
[  125.082709][ T6535] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.167428][ T5790] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.230783][ T6557] loop3: detected capacity change from 0 to 1024
[  125.320501][ T6557] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.339480][ T6535] XFS (loop0): Ending clean mount
[  125.370098][ T6557] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.390232][ T6535] XFS (loop0): Quotacheck needed: Please wait.
[  125.425314][   T27] audit: type=1800 audit(1760065074.385:6): pid=6557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.241" name="file1" dev="loop3" ino=15 res=0 errno=0
[  125.483605][ T6535] XFS (loop0): Quotacheck: Done.
[  125.538443][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.765097][ T6564] netlink: 428 bytes leftover after parsing attributes in process `syz.3.243'.
[  125.785093][ T5802] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.797492][ T6564] netlink: 104 bytes leftover after parsing attributes in process `syz.3.243'.
[  126.120692][   T27] audit: type=1326 audit(1760065075.075:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.187393][   T27] audit: type=1326 audit(1760065075.105:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.248803][   T27] audit: type=1326 audit(1760065075.105:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.328903][   T27] audit: type=1326 audit(1760065075.105:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.376345][ T6577] loop0: detected capacity change from 0 to 1024
[  126.412868][ T6577] EXT4-fs: Ignoring removed bh option
[  126.418548][   T27] audit: type=1326 audit(1760065075.105:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.459256][   T27] audit: type=1326 audit(1760065075.105:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.537739][ T6577] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.569795][   T27] audit: type=1326 audit(1760065075.105:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.592431][   T27] audit: type=1326 audit(1760065075.105:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6572 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9abe18eec9 code=0x7ffc0000
[  126.661055][ T6577] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz.0.245: directory missing '.'
[  126.852216][ T5802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.128050][ T5104] Bluetooth: hci0: Dropping invalid advertising data
[  127.136556][ T5104] Bluetooth: hci0: Malformed LE Event: 0x02
[  127.183650][ T6602] loop0: detected capacity change from 0 to 2048
[  127.241281][ T6602] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  127.354662][ T6607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.260'.
[  127.380786][ T6608] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  127.456140][ T6610] loop1: detected capacity change from 0 to 512
[  127.559899][ T6610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  127.617923][ T6610] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.780985][ T6610] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.261: Failed to acquire dquot type 1
[  127.936586][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  128.329000][ T6636] loop3: detected capacity change from 0 to 4096
[  128.493573][ T6640] loop1: detected capacity change from 0 to 4096
[  128.614667][ T6643] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.832540][ T6645] tipc: Started in network mode
[  128.837499][ T6645] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  128.886574][ T6645] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  129.219189][ T6655] netlink: 40 bytes leftover after parsing attributes in process `syz.3.276'.
[  129.449127][ T6659] netlink: 60 bytes leftover after parsing attributes in process `syz.3.278'.
[  129.461200][ T6657] loop0: detected capacity change from 0 to 8192
[  130.287292][ T6662] loop2: detected capacity change from 0 to 32768
[  130.324566][ T6663] loop1: detected capacity change from 0 to 32768
[  130.324665][ T6662] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.280 (6662)
[  130.392509][ T6662] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  130.407236][ T6663] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  130.426364][ T6662] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  130.467158][ T6662] BTRFS info (device loop2): setting nodatacow, compression disabled
[  130.482000][ T6665] loop3: detected capacity change from 0 to 32768
[  130.491795][ T6662] BTRFS info (device loop2): max_inline at 0
[  130.513780][ T6662] BTRFS info (device loop2): enabling disk space caching
[  130.531571][ T6662] BTRFS info (device loop2): turning off barriers
[  130.568885][ T6662] BTRFS info (device loop2): turning on flush-on-commit
[  130.578324][ T6662] BTRFS info (device loop2): doing ref verification
[  130.605009][ T6662] BTRFS info (device loop2): force clearing of disk cache
[  130.678773][ T6662] BTRFS info (device loop2): enabling ssd optimizations
[  130.724327][ T6662] BTRFS info (device loop2): max_inline at 4096
[  130.741447][ T6665] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  130.762384][ T6662] BTRFS info (device loop2): disk space caching is enabled
[  130.771147][ T5801] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  130.808183][ T1117] (kworker/u4:6,1117,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=648518346341351496, rec_len=0, name_len=0
[  131.068770][ T3062] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  131.076791][ T6662] BTRFS info (device loop2): auto enabling async discard
[  131.171759][ T6662] BTRFS info (device loop2): rebuilding free space tree
[  131.252741][ T3062] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  131.264883][ T6662] BTRFS info (device loop2): disabling free space tree
[  131.276915][ T3062] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.283138][ T6662] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  131.308136][ T6662] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  131.329275][ T3062] usb 2-1: config 0 descriptor??
[  131.330259][ T5795] ocfs2: Unmounting device (7,3) on (node local)
[  131.357022][ T3062] cp210x 2-1:0.0: cp210x converter detected
[  131.654710][ T5797] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  131.761475][ T3062] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  131.837775][ T3062] usb 2-1: cp210x converter now attached to ttyUSB0
[  132.023493][ T3062] usb 2-1: USB disconnect, device number 5
[  132.058762][ T3062] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  132.106829][ T3062] cp210x 2-1:0.0: device disconnected
[  132.211447][ T6713] Driver unsupported XDP return value 0 on prog  (id 23) dev N/A, expect packet loss!
[  132.358247][ T6718] macvtap0: entered promiscuous mode
[  132.386732][ T6718] macvtap0: left promiscuous mode
[  132.484469][ T6721] loop2: detected capacity change from 0 to 512
[  132.507418][ T6721] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  132.549621][ T6721] EXT4-fs (loop2): orphan cleanup on readonly fs
[  132.571238][ T6721] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.295: Block bitmap for bg 0 marked uninitialized
[  132.597813][ T6721] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem
[  132.629349][ T6721] EXT4-fs (loop2): 1 orphan inode deleted
[  132.649123][ T6721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  132.760171][ T6721] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  132.803533][ T6721] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  132.945465][ T5797] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.157492][ T6715] loop0: detected capacity change from 0 to 32768
[  133.169283][ T6736] ip6gre1: entered promiscuous mode
[  133.174581][ T6736] ip6gre1: entered allmulticast mode
[  133.207802][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  133.215461][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  133.260965][ T6715] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  133.323844][ T6748] loop3: detected capacity change from 0 to 2048
[  133.337369][ T6746] loop1: detected capacity change from 0 to 1024
[  133.381072][ T6748] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  133.452388][ T6715] XFS (loop0): Ending clean mount
[  133.550947][   T27] kauditd_printk_skb: 2 callbacks suppressed
[  133.550962][   T27] audit: type=1800 audit(1760065082.505:15): pid=6715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.292" name="file1" dev="loop0" ino=4422 res=0 errno=0
[  133.765714][ T5802] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  133.808802][ T3489] hfsplus: b-tree write err: -5, ino 8
[  134.213192][ T6765] loop0: detected capacity change from 0 to 1024
[  134.305998][ T6765] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.376875][ T5802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.585604][ T1187] IPVS: starting estimator thread 0...
[  134.689043][ T6780] IPVS: using max 16 ests per chain, 38400 per kthread
[  134.968108][ T6790] loop2: detected capacity change from 0 to 512
[  135.026121][ T6792] loop1: detected capacity change from 0 to 1024
[  135.035094][ T6790] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  135.049265][ T6790] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  135.050735][ T6792] EXT4-fs: Ignoring removed nomblk_io_submit option
[  135.062066][ T6796] loop3: detected capacity change from 0 to 2048
[  135.089859][ T6790] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.322: Corrupt directory, running e2fsck is recommended
[  135.135090][ T6790] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[  135.144439][ T6792] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.157984][ T6790] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.322: corrupted in-inode xattr: invalid ea_ino
[  135.185624][ T6790] EXT4-fs (loop2): Remounting filesystem read-only
[  135.209460][ T6790] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.225735][ T6796] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  135.263999][ T5797] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.273305][ T3062] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  135.350634][ T6800] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.360524][ T6796] bio_check_eod: 621 callbacks suppressed
[  135.360545][ T6796] syz.3.325: attempt to access beyond end of device
[  135.360545][ T6796] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  135.457101][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.529752][ T3062] usb 1-1: Using ep0 maxpacket: 16
[  135.539148][ T3062] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.564801][ T3062] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.589555][ T3062] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  135.618686][ T3062] usb 1-1: config 0 interface 0 has no altsetting 0
[  135.625437][ T3062] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  135.679054][ T3062] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.690640][ T3062] usb 1-1: config 0 descriptor??
[  136.067361][ T6815] loop3: detected capacity change from 0 to 1024
[  136.098076][ T6815] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  136.113666][ T3062] hid (null): invalid report_size 27418
[  136.186645][ T6815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.318145][ T3062] usb 1-1: USB disconnect, device number 7
[  136.377668][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.798128][ T6828] capability: warning: `syz.3.338' uses 32-bit capabilities (legacy support in use)
[  136.963613][   T73] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.111322][   T73] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.275316][   T73] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.304801][ T6841] loop1: detected capacity change from 0 to 256
[  137.320361][ T6841] exfat: Deprecated parameter 'utf8'
[  137.336134][ T6841] exfat: Deprecated parameter 'namecase'
[  137.414220][ T6841] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xc465a08c, utbl_chksum : 0xe619d30d)
[  137.435788][   T73] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.528794][ T3062] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  137.739208][ T3062] usb 4-1: Using ep0 maxpacket: 32
[  137.774458][ T3062] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  137.796534][ T3062] usb 4-1: config 0 has no interface number 0
[  137.820802][ T3062] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  137.869016][ T3062] usb 4-1: config 0 interface 196 has no altsetting 0
[  137.893888][ T3062] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  137.928893][ T3062] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.978837][ T3062] usb 4-1: Product: syz
[  137.983081][ T3062] usb 4-1: Manufacturer: syz
[  138.009754][ T3062] usb 4-1: SerialNumber: syz
[  138.029131][   T73] tipc: Left network mode
[  138.040355][ T3062] usb 4-1: config 0 descriptor??
[  138.045468][ T6849] loop0: detected capacity change from 0 to 4096
[  138.046322][ T6839] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  138.159548][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  138.170315][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  138.178910][ T5792] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  138.189119][ T6849] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  138.202103][ T5792] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  138.210868][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  138.226800][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  138.304527][ T6858] loop1: detected capacity change from 0 to 256
[  138.312684][ T6858] exfat: Deprecated parameter 'utf8'
[  138.314396][ T6849] ntfs3: loop0: Failed to load $Extend (-22).
[  138.365251][ T6849] ntfs3: loop0: Failed to initialize $Extend.
[  138.431481][ T6858] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  138.515498][ T3062] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes
[  138.552026][   T27] audit: type=1800 audit(1760065088.513:16): pid=6849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.348" name="file1" dev="loop0" ino=30 res=0 errno=0
[  138.572519][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.580423][ T3062] ipheth: probe of 4-1:0.196 failed with error -22
[  138.721346][ T1187] usb 4-1: USB disconnect, device number 3
[  139.817508][ T6891] syz.1.359 (6891) used greatest stack depth: 18704 bytes left
[  139.929231][ T6895] loop0: detected capacity change from 0 to 8192
[  139.985881][ T6895] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  140.058866][ T6895] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  140.069316][ T6895] REISERFS (device loop0): using journaled data mode
[  140.076147][ T6895] reiserfs: using flush barriers
[  140.099021][ T6895] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  140.153630][ T6895] REISERFS (device loop0): checking transaction log (loop0)
[  140.200552][ T6895] REISERFS (device loop0): Using r5 hash to sort names
[  140.205984][ T6854] chnl_net:caif_netlink_parms(): no params data found
[  140.208004][ T6895] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  140.279122][ T6895] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  140.321378][ T5104] Bluetooth: hci2: command tx timeout
[  141.496021][ T6854] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.513451][ T6854] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.527114][ T6938] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  141.536025][ T6854] bridge_slave_0: entered allmulticast mode
[  141.551365][ T6854] bridge_slave_0: entered promiscuous mode
[  141.607992][ T6854] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.638982][ T6854] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.646277][ T6854] bridge_slave_1: entered allmulticast mode
[  141.677234][ T6854] bridge_slave_1: entered promiscuous mode
[  141.738857][   T73] hsr_slave_0: left promiscuous mode
[  141.747056][   T73] hsr_slave_1: left promiscuous mode
[  141.762832][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.778862][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.793997][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.807281][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.815766][   T73] bridge_slave_1: left allmulticast mode
[  141.822002][   T73] bridge_slave_1: left promiscuous mode
[  141.830051][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.855319][   T73] bridge_slave_0: left allmulticast mode
[  141.869008][   T73] bridge_slave_0: left promiscuous mode
[  141.908974][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.000209][   T73] veth1_macvtap: left promiscuous mode
[  142.019157][   T73] veth0_macvtap: left promiscuous mode
[  142.025277][   T73] veth1_vlan: left promiscuous mode
[  142.037980][   T73] veth0_vlan: left promiscuous mode
[  142.270121][   T28] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  142.400309][ T5104] Bluetooth: hci2: command tx timeout
[  142.421532][ T6951] loop3: detected capacity change from 0 to 2364
[  142.486236][   T28] usb 1-1: Using ep0 maxpacket: 32
[  142.504835][   T28] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.519022][   T28] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  142.535564][   T28] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  142.548904][   T28] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  142.566559][   T28] usb 1-1: Product: syz
[  142.585322][   T28] usb 1-1: Manufacturer: syz
[  142.620969][   T28] hub 1-1:4.0: USB hub found
[  142.864200][   T28] hub 1-1:4.0: 2 ports detected
[  142.908552][ T6957] loop3: detected capacity change from 0 to 128
[  142.958426][ T6957] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  142.976542][ T6957] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  143.075647][ T5795] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  143.298598][   T73] team0 (unregistering): Port device team_slave_1 removed
[  143.399580][   T73] team0 (unregistering): Port device team_slave_0 removed
[  143.483679][   T28] usb 1-1: USB disconnect, device number 8
[  143.499158][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  143.525069][ T6965] loop3: detected capacity change from 0 to 512
[  143.544945][ T6965] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  143.555078][ T6965] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  143.571189][ T6965] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  143.590426][ T6965] System zones: 0-2, 18-18, 34-35
[  143.630395][ T6965] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  143.670265][ T6965] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  143.678426][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  143.699619][ T6965] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  143.710658][ T6965] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  143.761050][ T6965] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.382: bg 0: block 353: padding at end of block bitmap is not set
[  143.868372][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.482959][ T5104] Bluetooth: hci2: command tx timeout
[  144.773199][ T6984] loop0: detected capacity change from 0 to 512
[  144.813116][ T6984] EXT4-fs (loop0): Test dummy encryption mode enabled
[  144.873857][ T6984] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.391: casefold flag without casefold feature
[  144.941931][ T6984] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.391: couldn't read orphan inode 15 (err -117)
[  144.965737][ T6984] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.064859][ T6978] loop3: detected capacity change from 0 to 32768
[  145.076714][   T73] bond0 (unregistering): Released all slaves
[  145.089791][ T6978] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.388 (6978)
[  145.164172][ T6978] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  145.177715][ T6978] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  145.188401][ T6978] BTRFS info (device loop3): using free space tree
[  145.216208][ T6940] netlink: 16 bytes leftover after parsing attributes in process `syz.1.371'.
[  145.358573][ T6978] BTRFS info (device loop3): enabling ssd optimizations
[  145.399420][ T6978] BTRFS info (device loop3): auto enabling async discard
[  145.458230][ T6854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.496261][ T6854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.537505][   T27] audit: type=1800 audit(1760065095.483:17): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.388" name="file1" dev="loop3" ino=260 res=0 errno=0
[  145.618851][ T6984] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  145.732657][ T6854] team0: Port device team_slave_0 added
[  145.757409][ T7013] loop1: detected capacity change from 0 to 1024
[  145.764786][ T6854] team0: Port device team_slave_1 added
[  145.881747][ T5802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.918211][ T6854] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.933061][ T5795] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  145.951597][ T7013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  145.964079][ T6854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.991232][ T6854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.021597][ T7013] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.081248][ T6854] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.088269][ T6854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.112787][ T7013] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.393: Freeing blocks not in datazone - block = 0, count = 16
[  146.139047][ T6854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.256775][ T1128] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  146.339996][ T1128] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  146.378724][ T1128] EXT4-fs (loop1): This should not happen!! Data will be lost
[  146.378724][ T1128] 
[  146.388444][ T1128] EXT4-fs (loop1): Total free blocks count 0
[  146.445446][ T1128] EXT4-fs (loop1): Free/Dirty block details
[  146.451643][ T1128] EXT4-fs (loop1): free_blocks=4293918736
[  146.457498][ T1128] EXT4-fs (loop1): dirty_blocks=16
[  146.473883][ T6854] hsr_slave_0: entered promiscuous mode
[  146.489889][ T1128] EXT4-fs (loop1): Block reservation details
[  146.495948][ T1128] EXT4-fs (loop1): i_reserved_data_blocks=1
[  146.506881][ T6854] hsr_slave_1: entered promiscuous mode
[  146.537026][ T6854] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  146.554987][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  146.578706][ T5104] Bluetooth: hci2: command tx timeout
[  146.588851][ T6854] Cannot create hsr debugfs directory
[  146.994672][ T7032] netlink: 40 bytes leftover after parsing attributes in process `syz.3.394'.
[  147.493710][ T7020] loop0: detected capacity change from 0 to 32768
[  147.541231][ T6854] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  147.567183][ T7020] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.596362][ T6854] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  147.631089][ T6854] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  147.646141][ T6854] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  147.830793][ T7020] XFS (loop0): Ending clean mount
[  148.071557][ T5802] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  148.076334][ T6854] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.142800][ T6854] 8021q: adding VLAN 0 to HW filter on device team0
[  148.187959][   T73] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.195198][   T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.256537][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.263795][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.224610][ T7096] bond1: entered allmulticast mode
[  149.244490][ T7096] 8021q: adding VLAN 0 to HW filter on device bond1
[  149.335684][ T7103] loop3: detected capacity change from 0 to 128
[  149.397882][ T6854] 8021q: adding VLAN 0 to HW filter on device batadv0
[  150.392449][ T7136] Zero length message leads to an empty skb
[  150.589074][ T7141] binder: 7139:7141 ioctl 40046205 0 returned -22
[  150.608308][ T6854] veth0_vlan: entered promiscuous mode
[  150.646524][ T6854] veth1_vlan: entered promiscuous mode
[  150.726907][ T6854] veth0_macvtap: entered promiscuous mode
[  150.751911][ T6854] veth1_macvtap: entered promiscuous mode
[  150.794590][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.822190][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.854710][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.879459][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.901106][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.923615][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.958431][ T6854] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.984410][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.006598][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.038728][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.076064][ T7156] loop1: detected capacity change from 0 to 512
[  151.083264][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.095079][ T6854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.106335][ T6854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.111658][ T7156] EXT4-fs: Ignoring removed i_version option
[  151.121146][ T6854] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.142978][ T6854] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.154222][ T6854] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.164785][ T6854] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.182274][ T7156] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  151.190412][ T6854] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.214296][ T7156] EXT4-fs (loop1): 1 truncate cleaned up
[  151.235056][ T7156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.347137][ T7156] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.428: corrupted in-inode xattr: overlapping e_value 
[  151.366921][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.386427][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.389301][ T7156] EXT4-fs warning (device loop1): ext4_xattr_set_entry:1781: inode #15: comm syz.1.428: unable to update i_inline_off
[  151.410011][ T7156] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  151.431724][ T7163] EXT4-fs error (device loop1): ext4_xattr_ibody_list:797: inode #15: comm syz.1.428: corrupted in-inode xattr: overlapping e_value 
[  151.476245][ T1128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.497250][ T7156] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.428: corrupted in-inode xattr: overlapping e_value 
[  151.502655][ T1128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.645378][ T7166] kvm: kvm [7165]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000012)
[  151.665364][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.996782][ T7218] loop3: detected capacity change from 0 to 128
[  153.051628][ T7218] VFS: Found a Xenix FS (block size = 512) on device loop3
[  153.107496][ T7218] syz.3.446: attempt to access beyond end of device
[  153.107496][ T7218] loop3: rw=2049, sector=2066843070, nr_sectors = 1 limit=128
[  153.130208][ T3062] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  153.146608][ T7218] Buffer I/O error on dev loop3, logical block 2066843070, lost async page write
[  153.161878][ T7218] syz.3.446: attempt to access beyond end of device
[  153.161878][ T7218] loop3: rw=2049, sector=8767744, nr_sectors = 1 limit=128
[  153.181960][ T7218] Buffer I/O error on dev loop3, logical block 8767744, lost async page write
[  153.215488][ T7218] syz.3.446: attempt to access beyond end of device
[  153.215488][ T7218] loop3: rw=2049, sector=13269809, nr_sectors = 1 limit=128
[  153.235213][ T7221] loop1: detected capacity change from 0 to 128
[  153.255023][ T7218] Buffer I/O error on dev loop3, logical block 13269809, lost async page write
[  153.285416][ T7218] syz.3.446: attempt to access beyond end of device
[  153.285416][ T7218] loop3: rw=2049, sector=1157, nr_sectors = 1 limit=128
[  153.285979][ T7221] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  153.316626][ T7221] ext4 filesystem being mounted at /124/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  153.337839][ T7218] Buffer I/O error on dev loop3, logical block 1157, lost async page write
[  153.346767][ T3062] usb 5-1: Using ep0 maxpacket: 32
[  153.356437][ T7218] syz.3.446: attempt to access beyond end of device
[  153.356437][ T7218] loop3: rw=2049, sector=3211264, nr_sectors = 1 limit=128
[  153.384467][ T3062] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  153.394555][ T3062] usb 5-1: config 0 has no interface number 0
[  153.400933][ T7218] Buffer I/O error on dev loop3, logical block 3211264, lost async page write
[  153.410107][ T3062] usb 5-1: config 0 interface 12 has no altsetting 0
[  153.417532][ T7218] syz.3.446: attempt to access beyond end of device
[  153.417532][ T7218] loop3: rw=2049, sector=8768635, nr_sectors = 1 limit=128
[  153.432357][ T7218] Buffer I/O error on dev loop3, logical block 8768635, lost async page write
[  153.442715][ T7218] syz.3.446: attempt to access beyond end of device
[  153.442715][ T7218] loop3: rw=2049, sector=13466417, nr_sectors = 1 limit=128
[  153.457199][ T7218] Buffer I/O error on dev loop3, logical block 13466417, lost async page write
[  153.466702][ T3062] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  153.476740][ T3062] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.485061][ T7218] syz.3.446: attempt to access beyond end of device
[  153.485061][ T7218] loop3: rw=2049, sector=209285, nr_sectors = 1 limit=128
[  153.498936][ T3062] usb 5-1: Product: syz
[  153.503160][ T3062] usb 5-1: Manufacturer: syz
[  153.507814][ T3062] usb 5-1: SerialNumber: syz
[  153.512745][ T7218] Buffer I/O error on dev loop3, logical block 209285, lost async page write
[  153.528061][ T3062] usb 5-1: config 0 descriptor??
[  153.639222][ T5795] sysv_free_block: trying to free block not in datazone
[  153.666854][ T5795] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  153.733610][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.448'.
[  153.852751][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  154.363979][ T3062] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  154.388594][ T3062] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  154.397186][ T3062] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  154.414382][ T3062] f81534: probe of 5-1:0.12 failed with error -71
[  154.455272][ T3062] usb 5-1: USB disconnect, device number 2
[  155.958871][ T5859] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  156.166697][ T5859] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  156.189826][ T5859] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.218573][ T5859] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  156.238216][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.270677][ T7299] loop0: detected capacity change from 0 to 4096
[  156.279109][ T5859] usb 2-1: Product: syz
[  156.287365][ T5859] usb 2-1: Manufacturer: syz
[  156.334706][ T5859] usb 2-1: SerialNumber: syz
[  156.362853][ T7299] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  156.376136][ T5859] usb 2-1: config 0 descriptor??
[  156.394611][ T5859] ims_pcu 2-1:0.0: Missing CDC union descriptor
[  156.421108][ T5859] ims_pcu: probe of 2-1:0.0 failed with error -22
[  156.443129][   T27] audit: type=1800 audit(1760065106.403:18): pid=7299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.467" name="file1" dev="loop0" ino=30 res=0 errno=0
[  156.979081][    T8] usb 2-1: USB disconnect, device number 6
[  157.338782][ T1187] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  157.558899][ T1187] usb 5-1: Using ep0 maxpacket: 8
[  157.586871][ T1187] usb 5-1: config 0 has an invalid interface number: 46 but max is 0
[  157.614155][ T1187] usb 5-1: config 0 has no interface number 0
[  157.641109][ T1187] usb 5-1: config 0 interface 46 has no altsetting 0
[  157.714325][ T1187] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=f3.33
[  157.734308][ T1187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.754553][ T1187] usb 5-1: Product: syz
[  157.763353][ T1187] usb 5-1: Manufacturer: syz
[  157.768164][ T7342] netlink: 46 bytes leftover after parsing attributes in process `syz.0.478'.
[  157.781721][ T1187] usb 5-1: SerialNumber: syz
[  157.819902][ T1187] usb 5-1: config 0 descriptor??
[  157.959975][ T7348] loop1: detected capacity change from 0 to 2048
[  157.986068][ T7348] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  158.021228][ T7348] NILFS (loop1): mounting unchecked fs
[  158.063684][ T7348] NILFS (loop1): recovery complete
[  158.069577][ T1187] f81534a_ctrl 5-1:0.46: failed to set register 0x116: -5
[  158.076759][ T1187] f81534a_ctrl 5-1:0.46: failed to enable ports: -5
[  158.084164][ T7350] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  158.128193][ T7352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.482'.
[  158.160726][ T1187] f81534a_ctrl: probe of 5-1:0.46 failed with error -5
[  158.213101][ T1187] usb 5-1: USB disconnect, device number 3
[  158.292664][ T7354] program syz.3.483 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  158.414467][ T7359] loop1: detected capacity change from 0 to 256
[  158.469561][ T7359] exfat: Deprecated parameter 'utf8'
[  158.541338][ T7359] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  158.738548][ T7364] loop3: detected capacity change from 0 to 8192
[  158.807917][ T7364] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  158.859428][ T7364] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  158.872770][ T7364] REISERFS (device loop3): using ordered data mode
[  158.881117][ T7364] reiserfs: using flush barriers
[  158.889296][ T7364] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  158.907596][ T7364] REISERFS (device loop3): checking transaction log (loop3)
[  159.045830][ T7364] REISERFS (device loop3): Using tea hash to sort names
[  159.081185][ T7364] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  159.099082][ T1187] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  159.308857][ T1187] usb 5-1: Using ep0 maxpacket: 16
[  159.328439][ T1187] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  159.361036][ T1187] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  159.384851][ T1187] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  159.395733][ T1187] usb 5-1: SerialNumber: syz
[  159.405340][ T1187] hub 5-1:1.0: bad descriptor, ignoring hub
[  159.419404][ T1187] hub: probe of 5-1:1.0 failed with error -5
[  159.929416][    T9] usb 5-1: reset high-speed USB device number 4 using dummy_hcd
[  159.967212][    T9] usb 5-1: device reset changed ep0 maxpacket size!
[  159.996078][    T9] usb 5-1: USB disconnect, device number 4
[  160.371162][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  160.587740][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.608736][    T9] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  160.628209][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.651314][    T9] usb 5-1: config 0 descriptor??
[  160.884360][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  160.894117][    T9] usbhid: probe of 5-1:0.0 failed with error -71
[  160.924808][    T9] usb 5-1: USB disconnect, device number 5
[  161.090248][ T7386] loop0: detected capacity change from 0 to 40427
[  161.135573][ T7386] F2FS-fs (loop0): invalid crc value
[  161.164038][ T7386] F2FS-fs (loop0): Found nat_bits in checkpoint
[  161.215022][ T7398] loop1: detected capacity change from 0 to 32768
[  161.281111][ T7398] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  161.481429][ T7398] XFS (loop1): Ending clean mount
[  161.556376][ T7386] F2FS-fs (loop0): Start checkpoint disabled!
[  161.614787][ T7417] loop3: detected capacity change from 0 to 1024
[  161.655545][ T7386] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  161.682368][ T5790] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  161.695882][ T7417] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  161.809118][ T7417] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.867040][   T27] audit: type=1800 audit(1760065111.813:19): pid=7417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.506" name="file1" dev="loop3" ino=15 res=0 errno=0
[  161.911485][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  161.935104][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.034588][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.041591][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.050213][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.058077][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.065040][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.071958][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.078859][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.085749][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.092693][ T7424] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  162.388483][ T7432] loop1: detected capacity change from 0 to 512
[  162.419065][ T7432] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  162.470480][ T7432] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  162.480001][ T7432] EXT4-fs (loop1): orphan cleanup on readonly fs
[  162.502181][ T7432] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.507: bad orphan inode 267
[  162.522923][ T7432] EXT4-fs (loop1): Remounting filesystem read-only
[  162.543960][ T7432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  162.719348][ T7432] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.507: dx entry: limit 0 != root limit 125
[  162.747025][ T7432] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.507: Corrupt directory, running e2fsck is recommended
[  162.991739][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  163.454515][ T7446] loop3: detected capacity change from 0 to 16
[  163.513685][ T7446] erofs: (device loop3): mounted with root inode @ nid 36.
[  163.617882][ T7446] erofs: (device loop3): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 36
[  163.648563][ T7449] loop4: detected capacity change from 0 to 1764
[  163.668478][ T7446] syz.3.514: attempt to access beyond end of device
[  163.668478][ T7446] loop3: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16
[  163.756902][ T7449] iso9660: Corrupted directory entry in block 2 of inode 1920
[  165.175190][ T7485] loop3: detected capacity change from 0 to 4096
[  165.323373][ T7485] ntfs: volume version 3.1.
[  165.407287][ T7485] ntfs: (device loop3): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  165.416154][ T7460] loop4: detected capacity change from 0 to 32768
[  165.439435][ T7485] ntfs: (device loop3): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
[  165.475028][ T7460] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  165.498860][ T7460] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  165.560100][ T7460] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  165.728910][ T7460] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  165.907385][ T7500] loop3: detected capacity change from 0 to 1024
[  165.962985][ T7500] EXT4-fs: Ignoring removed oldalloc option
[  166.000377][ T7500] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  166.083096][ T7500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.404979][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.052709][   T27] audit: type=1326 audit(1760065117.013:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.159190][   T27] audit: type=1326 audit(1760065117.033:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.230562][   T27] audit: type=1326 audit(1760065117.033:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.338787][   T27] audit: type=1326 audit(1760065117.033:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.369855][ T7529] mmap: syz.1.548 (7529) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  167.432564][   T27] audit: type=1326 audit(1760065117.043:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.510203][   T27] audit: type=1326 audit(1760065117.043:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.585046][   T27] audit: type=1326 audit(1760065117.043:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7520 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0678eec9 code=0x7ffc0000
[  167.646181][ T7539] loop1: detected capacity change from 0 to 1024
[  167.678959][ T5859] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  167.878881][ T5859] usb 4-1: Using ep0 maxpacket: 8
[  167.892752][ T5859] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.911060][   T73] hfsplus: b-tree write err: -5, ino 4
[  167.944927][ T5859] usb 4-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5
[  167.966735][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.016768][ T5859] usb 4-1: config 0 descriptor??
[  168.139204][ T7548] syz.1.553 (7548): /proc/7547/oom_adj is deprecated, please use /proc/7547/oom_score_adj instead.
[  168.247484][ T5859] usb 4-1: USB disconnect, device number 4
[  168.723151][ T7553] netlink: 830 bytes leftover after parsing attributes in process `syz.1.555'.
[  169.459357][ T7581] loop4: detected capacity change from 0 to 256
[  169.496898][ T7575] loop3: detected capacity change from 0 to 4096
[  169.554325][ T7575] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  169.726820][ T7552] loop0: detected capacity change from 0 to 40427
[  169.831088][ T7552] F2FS-fs (loop0): invalid crc value
[  169.895153][ T7552] F2FS-fs (loop0): Found nat_bits in checkpoint
[  170.148979][ T7552] F2FS-fs (loop0): Start checkpoint disabled!
[  170.226939][ T7552] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  170.744099][ T3473] kworker/u4:9: attempt to access beyond end of device
[  170.744099][ T3473] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  170.784380][ T3473] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  170.791878][ T3473] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  170.799580][ T3473] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  171.482716][ T7632] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  171.838828][ T5859] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  171.879337][   T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  172.028769][ T5859] usb 2-1: Using ep0 maxpacket: 32
[  172.046247][ T5859] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  172.055298][ T5859] usb 2-1: config 0 has no interface number 0
[  172.071706][ T5859] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  172.089186][   T23] usb 4-1: Using ep0 maxpacket: 8
[  172.095097][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.103925][ T5859] usb 2-1: Product: syz
[  172.109189][ T5859] usb 2-1: Manufacturer: syz
[  172.114222][ T5859] usb 2-1: SerialNumber: syz
[  172.122026][   T23] usb 4-1: config 0 has no interfaces?
[  172.128895][ T5859] usb 2-1: config 0 descriptor??
[  172.150119][ T5859] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  172.163220][   T23] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55
[  172.173321][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.196216][   T23] usb 4-1: Product: syz
[  172.205245][   T23] usb 4-1: Manufacturer: syz
[  172.218748][   T23] usb 4-1: SerialNumber: syz
[  172.244869][   T23] usb 4-1: config 0 descriptor??
[  172.362727][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  172.408966][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  172.520170][ T7636] netlink: 12 bytes leftover after parsing attributes in process `syz.3.579'.
[  172.565190][ T7636] netlink: 28 bytes leftover after parsing attributes in process `syz.3.579'.
[  172.657962][ T5877] usb 4-1: USB disconnect, device number 5
[  172.766371][   T23] kernel read not supported for file /input/event1 (pid: 23 comm: kworker/1:0)
[  172.790014][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  172.799093][ T5859] usb 2-1: USB disconnect, device number 7
[  172.822277][ T5859] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  172.866196][ T5859] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  172.871929][ T7647] loop4: detected capacity change from 0 to 32768
[  172.890588][ T5859] quatech2 2-1:0.51: device disconnected
[  173.293128][ T7670] loop0: detected capacity change from 0 to 64
[  173.877503][ T7686] loop1: detected capacity change from 0 to 512
[  174.835652][ T7706] loop1: detected capacity change from 0 to 1024
[  174.865618][ T7711] loop4: detected capacity change from 0 to 2048
[  174.876795][ T7711] UDF-fs: bad mount option "defcont‡Þð+Ì8rÛ8xtroot}®°oèDÉ·°BúpM#d%" or missing value
[  174.913973][ T7706] EXT4-fs: Ignoring removed nomblk_io_submit option
[  175.169825][ T7685] loop0: detected capacity change from 0 to 32768
[  175.172327][ T7706] EXT4-fs (loop1): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.273654][ T7685] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  175.414791][ T7685] XFS (loop0): Ending clean mount
[  175.476922][ T7685] XFS (loop0): Quotacheck needed: Please wait.
[  175.532035][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  175.608742][ T7685] XFS (loop0): Quotacheck: Done.
[  175.955529][ T5802] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  176.125111][   T27] audit: type=1326 audit(1760065126.083:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7753 comm="syz.1.608" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4c0678eec9 code=0x0
[  177.355745][ T7793] loop4: detected capacity change from 0 to 512
[  177.409781][ T7793] EXT4-fs: Ignoring removed nobh option
[  177.582319][ T7793] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.619: corrupted inode contents
[  177.667333][ T7793] EXT4-fs (loop4): Remounting filesystem read-only
[  177.685648][ T7805] loop3: detected capacity change from 0 to 4096
[  177.711349][ T7793] EXT4-fs (loop4): 1 truncate cleaned up
[  177.756991][ T7793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.768467][ T7807] loop1: detected capacity change from 0 to 2048
[  177.770742][ T1117] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.816430][ T7809] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  177.819198][ T7793] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.858262][ T1117] Quota error (device loop4): write_blk: dquota write failed
[  177.884344][ T1117] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[  177.904853][ T1117] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.907592][ T7793] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.925737][ T1117] Quota error (device loop4): write_blk: dquota write failed
[  177.939546][ T7811] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  177.953622][ T1117] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[  177.985824][ T1117] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  178.078761][ T1117] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  178.095796][ T1117] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  178.721013][ T5792] Bluetooth: hci1: command tx timeout
[  178.990559][ T7845] loop1: detected capacity change from 0 to 256
[  179.077078][ T7845] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x467a0815, utbl_chksum : 0xe619d30d)
[  179.130118][ T7845] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  179.254896][ T7845] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000006)
[  179.857225][ T7855] loop1: detected capacity change from 0 to 32768
[  179.877479][ T7855] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  179.877513][ T7855] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  179.922370][ T7865] xt_NFQUEUE: number of queues (1024) out of range (got 66558)
[  179.938907][ T7855] gfs2: fsid=syz:syz.0: journal 0 mapped with 7 extents in 0ms
[  179.953731][ T5877] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  179.953780][ T5877] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  180.036937][ T5877] kworker/0:5: attempt to access beyond end of device
[  180.036937][ T5877] loop1: rw=0, sector=402653184, nr_sectors = 8 limit=32768
[  180.111796][ T5877] gfs2: fsid=syz:syz.0: jid=0: Failed
[  180.114020][ T7855] gfs2: fsid=syz:syz.0: error recovering journal 0: -5
[  181.929967][ T7882] net_ratelimit: 1720 callbacks suppressed
[  181.929986][ T7882] Set syz1 is full, maxelem 1038 reached
[  182.292660][ T7888] loop3: detected capacity change from 0 to 4096
[  182.467482][ T7888] ntfs: volume version 3.1.
[  183.273538][ T7895] loop1: detected capacity change from 0 to 32768
[  183.318160][ T7895] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.655 (7895)
[  183.405346][ T7895] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  183.460628][ T7895] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  183.489653][ T7895] BTRFS info (device loop1): using free space tree
[  183.639905][ T7895] BTRFS info (device loop1): enabling ssd optimizations
[  183.646934][ T7895] BTRFS info (device loop1): auto enabling async discard
[  183.752363][ T7945] loop4: detected capacity change from 0 to 8
[  183.896785][ T7945] SQUASHFS error: lzo decompression failed, data probably corrupt
[  183.899342][ T7947] Invalid ELF header len 1
[  183.914174][ T7945] SQUASHFS error: Failed to read block 0x144: -5
[  183.927354][ T7945] SQUASHFS error: Unable to read metadata cache entry [142]
[  183.950031][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  183.968735][ T7945] SQUASHFS error: Unable to read inode 0x11f
[  184.265267][ T5801] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop1 scanned by udevd (5801)
[  184.748801][   T27] audit: type=1326 audit(1760065134.703:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.4.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7ffc0000
[  184.833677][   T27] audit: type=1326 audit(1760065134.703:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.4.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fe35878eec9 code=0x7ffc0000
[  184.909186][   T27] audit: type=1326 audit(1760065134.703:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.4.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7ffc0000
[  184.978765][   T27] audit: type=1326 audit(1760065134.703:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.4.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7ffc0000
[  185.598209][ T7962] loop1: detected capacity change from 0 to 32768
[  185.698868][ T7962] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  185.857704][ T7962] XFS (loop1): Ending clean mount
[  185.905874][ T7962] XFS (loop1): Quotacheck needed: Please wait.
[  185.965822][ T7993] loop4: detected capacity change from 0 to 4096
[  185.973566][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.685'.
[  186.008932][ T7995] tipc: Started in network mode
[  186.014806][ T7962] XFS (loop1): Quotacheck: Done.
[  186.038898][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  186.066029][ T7993] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  186.074272][ T7995] tipc: Node identity 7, cluster identity 4711
[  186.091881][ T7995] tipc: Node number set to 7
[  186.223520][ T5790] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  186.236919][    T9] usb 4-1: Using ep0 maxpacket: 16
[  186.260773][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.275914][    T9] usb 4-1: New USB device found, idVendor=056a, idProduct=003f, bcdDevice= 0.00
[  186.285186][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.328922][    T9] usb 4-1: config 0 descriptor??
[  186.778286][    T9] wacom 0003:056A:003F.0005: hidraw1: USB HID v0.00 Device [HID 056a:003f] on usb-dummy_hcd.3-1/input0
[  186.828269][ T5801] udevd[5801]: 'fido_id' [8008] terminated by signal 33 (Unknown signal 33)
[  186.978440][   T28] usb 4-1: USB disconnect, device number 6
[  186.999261][ T8013] netlink: 'syz.0.694': attribute type 1 has an invalid length.
[  187.007980][ T8013] netlink: 24 bytes leftover after parsing attributes in process `syz.0.694'.
[  187.440282][ T8026] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  187.728886][ T5877] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  187.922174][ T5877] usb 2-1: config 0 interface 0 has no altsetting 0
[  187.938718][ T5877] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  187.958526][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.996276][ T8041] loop3: detected capacity change from 0 to 512
[  188.004489][ T5877] usb 2-1: config 0 descriptor??
[  188.062073][ T8041] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  188.113641][ T8041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.154662][ T8041] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.232010][ T8014] loop4: detected capacity change from 0 to 65536
[  188.339140][ T8014] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  188.431060][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.467990][ T8014] XFS (loop4): Ending clean mount
[  188.671653][ T6854] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  188.815317][   T23] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  188.830110][ T5877] video4linux radio48: keene_cmd_main failed (-71)
[  188.858847][ T5877] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  188.888308][ T5877] usb 2-1: USB disconnect, device number 8
[  189.016965][ T8067] process 'syz.3.715' launched './file0' with NULL argv: empty string added
[  189.028212][   T23] usb 1-1: Using ep0 maxpacket: 8
[  189.044266][   T23] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  189.061964][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.074735][   T23] usb 1-1: Product: syz
[  189.084072][   T23] usb 1-1: Manufacturer: syz
[  189.091362][   T23] usb 1-1: SerialNumber: syz
[  189.100411][   T23] usb 1-1: config 0 descriptor??
[  189.121468][   T23] gspca_main: se401-2.14.0 probing 047d:5003
[  189.290966][ T8071] loop4: detected capacity change from 0 to 1024
[  189.351926][ T8071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.427206][ T8071] EXT4-fs error (device loop4): __ext4_new_inode:1075: comm syz.4.713: reserved inode found cleared - inode=1
[  189.518901][   T23] gspca_se401: ExtraFeatures: 48
[  189.528674][   T23] gspca_se401: Frame size: 8192x0 bayer
[  189.557473][ T6854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.723770][   T23] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13
[  189.793869][   T23] usb 1-1: USB disconnect, device number 9
[  190.182726][ T8075] loop3: detected capacity change from 0 to 32768
[  190.188807][ T5859] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  190.257244][ T8075] ERROR: (device loop3): diRead: i_ino != di_number
[  190.257244][ T8075] 
[  190.282513][ T8075] ERROR: (device loop3): remounting filesystem as read-only
[  190.386341][ T5859] usb 2-1: Using ep0 maxpacket: 32
[  190.403019][ T5859] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  190.422227][ T8083] loop4: detected capacity change from 0 to 32768
[  190.429008][ T5859] usb 2-1: config 0 has no interface number 0
[  190.444721][ T5859] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  190.461525][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.480105][ T5859] usb 2-1: Product: syz
[  190.484362][ T5859] usb 2-1: Manufacturer: syz
[  190.514907][ T5859] usb 2-1: SerialNumber: syz
[  190.549241][ T5859] usb 2-1: config 0 descriptor??
[  190.555386][ T8083] JFS: block map error in dbBackSplit
[  190.563535][ T5859] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  190.594564][ T8083] ERROR: (device loop4): dbDiscardAG: -EIO
[  190.594564][ T8083] 
[  190.615892][ T8083] ERROR: (device loop4): remounting filesystem as read-only
[  190.659188][ T8083] syz.4.719: attempt to access beyond end of device
[  190.659188][ T8083] loop4: rw=2051, sector=2629632, nr_sectors = 8192 limit=32768
[  190.707356][ T8083] JFS: sb_issue_discard(ffff8880313e0000, 328704, 1024, GFP_NOFS, 0) = -5 => failed!
[  190.777429][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  190.807457][ T8083] blkno = 50400, nblocks = 400
[  190.834511][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  190.891656][ T8083] ERROR: (device loop4): dbFree: block to be freed is outside the map
[  190.891656][ T8083] 
[  191.199358][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  191.208316][   T28] usb 2-1: USB disconnect, device number 9
[  191.225759][   T28] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  191.274637][   T28] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  191.307825][   T28] quatech2 2-1:0.51: device disconnected
[  191.648249][ T8096] loop3: detected capacity change from 0 to 32768
[  191.694798][   T27] audit: type=1800 audit(1760065141.653:32): pid=8096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.725" name="file1" dev="loop3" ino=4 res=0 errno=0
[  191.724971][ T8096] ERROR: (device loop3): diWrite: ixpxd invalid
[  191.724971][ T8096] 
[  191.760064][   T23] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  191.773274][ T8096] ERROR: (device loop3): remounting filesystem as read-only
[  191.837002][ T8096] ERROR: (device loop3): txCommit: 
[  191.837002][ T8096] 
[  191.869532][ T8111] ERROR: (device loop3): diWrite: ixpxd invalid
[  191.869532][ T8111] 
[  191.899293][ T8111] ERROR: (device loop3): txCommit: 
[  191.899293][ T8111] 
[  191.968233][   T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.993938][   T23] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.023268][   T23] usb 5-1: config 1 interface 0 has no altsetting 0
[  192.033460][   T23] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  192.046972][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.061079][   T23] usb 5-1: Product: syz
[  192.067857][   T23] usb 5-1: Manufacturer: syz
[  192.077466][   T23] usb 5-1: SerialNumber: syz
[  192.384143][   T23] kernel read not supported for file /dsp (pid: 23 comm: kworker/1:0)
[  192.506345][   T23] usb 5-1: USB disconnect, device number 6
[  192.836080][   T23] kernel read not supported for file /usbmon9 (pid: 23 comm: kworker/1:0)
[  193.055813][ T8143] loop1: detected capacity change from 0 to 2048
[  193.098838][ T8143] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  193.175073][ T8145] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  193.279858][ T8146] loop4: detected capacity change from 0 to 512
[  193.406060][ T8146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.485763][ T8155] loop1: detected capacity change from 0 to 1024
[  193.500103][ T8146] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  193.529852][ T8137] loop3: detected capacity change from 0 to 32768
[  193.594124][ T8137] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  193.672451][ T8146] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.746: corrupted inode contents
[  193.720124][ T8155] hfsplus: found bad thread record in catalog
[  193.752212][ T8146] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #2: comm syz.4.746: mark_inode_dirty error
[  193.773060][ T8146] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.746: corrupted inode contents
[  193.778523][ T1117] hfsplus: found bad thread record in catalog
[  193.791120][ T8146] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.746: mark_inode_dirty error
[  193.809922][ T8137] XFS (loop3): Ending clean mount
[  193.828145][ T1117] hfsplus: found bad thread record in catalog
[  193.835604][ T8137] XFS (loop3): Quotacheck needed: Please wait.
[  193.959659][ T8137] XFS (loop3): Quotacheck: Done.
[  194.018182][ T6854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.028034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  194.037594][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  194.181311][ T5795] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  194.218875][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  194.228084][    T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!!
[  194.288118][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  194.666312][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  194.673000][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  194.987393][ T8189] bridge0: port 3(ip6gretap0) entered blocking state
[  195.015024][ T8189] bridge0: port 3(ip6gretap0) entered disabled state
[  195.027050][ T8189] ip6gretap0: entered allmulticast mode
[  195.042028][ T8189] ip6gretap0: entered promiscuous mode
[  195.080071][ T8189] bridge0: port 3(ip6gretap0) entered blocking state
[  195.087008][ T8189] bridge0: port 3(ip6gretap0) entered forwarding state
[  195.521988][ T8210] loop3: detected capacity change from 0 to 1024
[  195.680612][ T3062] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  195.888778][ T3062] usb 2-1: Using ep0 maxpacket: 16
[  195.900220][ T3062] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  195.919394][ T3062] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.948759][ T3062] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  195.959012][   T27] audit: type=1326 audit(1760065145.913:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  195.996340][ T3062] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  196.019895][ T3062] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  196.040984][   T27] audit: type=1326 audit(1760065145.913:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.109828][ T3062] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  196.120063][   T27] audit: type=1326 audit(1760065145.913:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.142291][ T3062] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  196.157877][ T3062] usb 2-1: Manufacturer: syz
[  196.164371][   T27] audit: type=1326 audit(1760065145.913:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.188428][ T3062] usb 2-1: config 0 descriptor??
[  196.205310][   T27] audit: type=1326 audit(1760065145.913:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.289395][   T27] audit: type=1326 audit(1760065145.913:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.314294][   T27] audit: type=1326 audit(1760065145.913:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.337423][   T27] audit: type=1326 audit(1760065145.913:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.374479][   T27] audit: type=1326 audit(1760065145.913:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8194 comm="syz.4.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x7fc00000
[  196.477561][ T8236] netlink: 'syz.4.783': attribute type 6 has an invalid length.
[  196.508146][ T8236] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.783'.
[  196.538863][ T3062] rc_core: IR keymap rc-hauppauge not found
[  196.544935][ T3062] Registered IR keymap rc-empty
[  196.555202][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.600663][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.660157][ T3062] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  196.699599][ T3062] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input14
[  196.748949][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.829112][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.878564][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.917174][ T8251] loop4: detected capacity change from 0 to 256
[  196.927447][ T8251] exfat: Deprecated parameter 'utf8'
[  196.936924][ T8251] exfat: Deprecated parameter 'utf8'
[  196.939157][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  196.979600][ T5877] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  196.980178][ T8251] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  197.006331][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.050088][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.103238][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.158787][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.173121][ T5877] usb 4-1: Using ep0 maxpacket: 32
[  197.187710][ T5877] usb 4-1: config 0 interface 0 has no altsetting 0
[  197.198989][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.206543][ T5877] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00
[  197.218117][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.222293][ T8256] loop8: detected capacity change from 0 to 1
[  197.238830][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.240808][ T5877] usb 4-1: config 0 descriptor??
[  197.254168][ T8256] Dev loop8: unable to read RDB block 1
[  197.266004][ T8256]  loop8: unable to read partition table
[  197.274215][ T8256] loop8: partition table beyond EOD, truncated
[  197.280817][ T8256] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[  197.289775][ T3062] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  197.324521][ T3062] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  197.337186][ T3062] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  197.372147][ T3062] usb 2-1: USB disconnect, device number 10
[  197.697659][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unknown main item tag 0x0
[  197.711613][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unknown main item tag 0x0
[  197.721969][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unknown main item tag 0x0
[  197.730105][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unknown main item tag 0x0
[  197.739166][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unknown main item tag 0x0
[  197.769268][ T5877] corsair-psu 0003:1B1C:1C0D.0006: hidraw1: USB HID v0.05 Device [HID 1b1c:1c0d] on usb-dummy_hcd.3-1/input0
[  198.178755][ T5877] corsair-psu 0003:1B1C:1C0D.0006: unable to initialize device (-110)
[  198.215856][ T5877] corsair-psu: probe of 0003:1B1C:1C0D.0006 failed with error -110
[  198.241639][ T5877] usb 4-1: USB disconnect, device number 7
[  198.309114][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  198.344930][ T8277] netlink: 'syz.4.802': attribute type 6 has an invalid length.
[  198.509685][    T9] usb 1-1: Using ep0 maxpacket: 32
[  198.523786][    T9] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  198.545739][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.577706][    T9] usb 1-1: config 0 descriptor??
[  198.601517][    T9] gspca_main: sunplus-2.14.0 probing 041e:400b
[  198.634807][ T3062] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  198.828957][ T3062] usb 2-1: Using ep0 maxpacket: 16
[  198.848780][ T3062] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  198.857959][ T3062] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  198.866304][ T3062] usb 2-1: Product: syz
[  198.870988][ T3062] usb 2-1: Manufacturer: syz
[  198.875638][ T3062] usb 2-1: SerialNumber: syz
[  198.884487][ T3062] usb 2-1: config 0 descriptor??
[  199.122733][    T8] usb 2-1: USB disconnect, device number 11
[  199.274398][ T8290] loop3: detected capacity change from 0 to 32768
[  199.282059][ T8290] XFS: noikeep mount option is deprecated.
[  199.288060][ T8290] XFS: ikeep mount option is deprecated.
[  199.320475][ T8290] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  199.335465][ T8290] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  199.387876][ T8290] XFS (loop3): Ending clean mount
[  199.404419][ T8290] XFS (loop3): Quotacheck needed: Please wait.
[  199.428900][    T9] gspca_sunplus: reg_w_riv err -71
[  199.445951][    T9] sunplus: probe of 1-1:0.0 failed with error -71
[  199.474672][    T9] usb 1-1: USB disconnect, device number 10
[  199.523152][ T8290] XFS (loop3): Quotacheck: Done.
[  199.606324][ T5795] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  199.865585][ T8302] syz_tun: entered allmulticast mode
[  199.899846][ T8301] syz_tun: left allmulticast mode
[  200.264305][   T27] kauditd_printk_skb: 21 callbacks suppressed
[  200.264323][   T27] audit: type=1326 audit(1760065150.223:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8313 comm="syz.4.816" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe35878eec9 code=0x0
[  200.600164][ T8322] loop3: detected capacity change from 0 to 512
[  200.658875][    T8] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  200.669367][ T8305] loop1: detected capacity change from 0 to 32768
[  200.703882][ T8322] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.720765][ T8322] ext4 filesystem being mounted at /233/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.758206][ T8305] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  200.767416][   T27] audit: type=1800 audit(1760065150.733:64): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.820" name="file1" dev="loop3" ino=15 res=0 errno=0
[  200.793789][   T27] audit: type=1800 audit(1760065150.743:65): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.820" name="file2" dev="loop3" ino=16 res=0 errno=0
[  200.864585][    T8] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  200.876215][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.897596][ T8305] XFS (loop1): Ending clean mount
[  200.899917][    T8] usb 1-1: Product: syz
[  200.907367][    T8] usb 1-1: Manufacturer: syz
[  200.922295][    T8] usb 1-1: SerialNumber: syz
[  200.944519][    T8] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  200.961082][ T8305] XFS (loop1): Quotacheck needed: Please wait.
[  200.970996][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.009565][ T5877] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  201.084037][ T8305] XFS (loop1): Quotacheck: Done.
[  201.195224][ T8336] loop3: detected capacity change from 0 to 64
[  201.268106][ T8316] random: crng reseeded on system resumption
[  201.356344][ T5790] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  201.587949][ T8340] sctp: [Deprecated]: syz.3.824 (pid 8340) Use of struct sctp_assoc_value in delayed_ack socket option.
[  201.587949][ T8340] Use struct sctp_sack_info instead
[  201.822243][    T8] usb 1-1: USB disconnect, device number 11
[  202.028720][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  202.078924][ T5877] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  202.086459][ T5877] ath9k_htc: Failed to initialize the device
[  202.139726][    T8] usb 1-1: ath9k_htc: USB layer deinitialized
[  202.228697][    T9] usb 5-1: Using ep0 maxpacket: 32
[  202.253649][    T9] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.270978][    T9] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.281755][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  202.288436][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=00b9, bcdDevice= 0.00
[  202.298235][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.320221][    T9] usb 5-1: config 0 descriptor??
[  202.790173][    T9] wacom 0003:056A:00B9.0007: unknown main item tag 0x0
[  202.816976][    T9] wacom 0003:056A:00B9.0007: unknown main item tag 0x0
[  202.845123][    T9] wacom 0003:056A:00B9.0007: unknown main item tag 0x0
[  202.875363][    T9] wacom 0003:056A:00B9.0007: unknown main item tag 0x0
[  202.897961][    T9] wacom 0003:056A:00B9.0007: unknown main item tag 0x0
[  202.924347][    T9] wacom 0003:056A:00B9.0007: Unknown device_type for 'HID 056a:00b9'. Assuming pen.
[  202.942703][    T9] wacom 0003:056A:00B9.0007: hidraw1: USB HID v0.00 Device [HID 056a:00b9] on usb-dummy_hcd.4-1/input0
[  202.945342][    T9] input: Wacom Intuos4 6x9 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:00B9.0007/input/input15
[  203.094898][    T9] usb 5-1: USB disconnect, device number 7
[  203.234000][ T8378] fido_id[8378]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  203.552187][ T8394] loop3: detected capacity change from 0 to 164
[  203.716100][ T8398] syz.4.839[8398] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  203.716252][ T8398] syz.4.839[8398] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  203.975343][ T8408] loop1: detected capacity change from 0 to 512
[  204.038848][ T8408] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  204.142083][ T8408] EXT4-fs (loop1): 1 truncate cleaned up
[  204.148787][ T3062] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  204.176962][ T8408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.277251][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.369112][ T3062] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.421606][ T3062] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  204.479544][ T3062] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  204.496752][ T3062] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.515313][ T3062] usb 4-1: Product: syz
[  204.524309][ T3062] usb 4-1: Manufacturer: syz
[  204.541225][ T3062] usb 4-1: SerialNumber: syz
[  204.636590][ T8428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.851'.
[  204.676539][ T8428] bridge0: entered promiscuous mode
[  204.685158][ T8428] macsec1: entered allmulticast mode
[  204.696201][ T8428] bridge0: entered allmulticast mode
[  204.704980][ T8428] bridge0: port 3(macsec1) entered blocking state
[  204.715185][ T8428] bridge0: port 3(macsec1) entered disabled state
[  204.727372][ T8428] bridge0: left allmulticast mode
[  204.733340][ T8428] bridge0: left promiscuous mode
[  204.769025][   T28] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  204.779247][ T8406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.795663][ T8406] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.832519][ T3062] cdc_ether: probe of 4-1:1.0 failed with error -22
[  204.867028][ T3062] usb 4-1: USB disconnect, device number 8
[  204.965574][   T28] usb 1-1: Using ep0 maxpacket: 8
[  204.977707][   T28] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  204.997048][   T28] usb 1-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  205.017087][   T28] usb 1-1: config 179 has no interface number 0
[  205.033914][   T28] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  205.058785][   T28] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  205.087703][   T28] usb 1-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  205.111949][   T28] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  205.123623][   T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.142189][ T8424] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  205.178970][ T8436] program syz.1.855 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  205.376702][   T28] usb 1-1: USB disconnect, device number 12
[  205.408917][ T3062] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  205.602313][ T3062] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[  205.616403][ T3062] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  205.638456][ T3062] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  205.648459][ T3062] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[  205.666031][ T3062] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  205.687259][ T3062] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.710596][ T3062] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  205.720654][ T3062] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.768752][ T5859] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  205.945370][ T3062] usb 4-1: usb_control_msg returned -71
[  205.968947][ T5859] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  205.989008][ T3062] usbtmc 4-1:16.0: can't read capabilities
[  205.995162][ T5859] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.009230][ T3062] usbtmc 4-1:16.0: Failed to submit iin_urb
[  206.015262][ T3062] usbtmc: probe of 4-1:16.0 failed with error -90
[  206.028126][ T5859] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  206.046205][ T3062] usb 4-1: USB disconnect, device number 9
[  206.052566][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.234742][ T8447] loop4: detected capacity change from 0 to 32768
[  206.291275][ T8447] JBD2: Ignoring recovery information on journal
[  206.310190][ T5859] usb 2-1: GET_CAPABILITIES returned 0
[  206.315776][ T5859] usbtmc 2-1:16.0: can't read capabilities
[  206.447134][ T8447] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  206.539435][ T8443] usbtmc 2-1:16.0: send_request_dev_dep_msg_in returned -90
[  206.572648][ T3062] usb 2-1: USB disconnect, device number 12
[  206.636465][ T6854] ocfs2: Unmounting device (7,4) on (node local)
[  207.008503][ T8474] trusted_key: encrypted_key: keyword 'updatX' not recognized
[  208.480300][ T8492] loop4: detected capacity change from 0 to 40427
[  208.481455][ T8495] loop1: detected capacity change from 0 to 32768
[  208.553486][ T8492] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  208.579111][ T8495] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  208.609214][ T8492] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  208.617678][ T8492] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x7ffff
[  208.637394][ T8495] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  208.638709][ T8492] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8
[  208.664166][ T8495] BTRFS info (device loop1): using free space tree
[  208.708537][ T8492] F2FS-fs (loop4): invalid crc value
[  208.751872][ T8492] F2FS-fs (loop4): Found nat_bits in checkpoint
[  208.926221][ T8495] BTRFS info (device loop1): enabling ssd optimizations
[  208.987971][ T8495] BTRFS info (device loop1): auto enabling async discard
[  209.034726][ T8492] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  209.080831][ T8492] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  209.117319][   T27] audit: type=1800 audit(1760065159.073:66): pid=8495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.882" name="file1" dev="loop1" ino=260 res=0 errno=0
[  209.137700][    C0] vkms_vblank_simulate: vblank timer overrun
[  209.315663][ T8528] netlink: 48 bytes leftover after parsing attributes in process `syz.3.888'.
[  209.846859][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  209.848557][ T6854] syz-executor: attempt to access beyond end of device
[  209.848557][ T6854] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  209.857384][ T8504] syz.0.886 (8504): drop_caches: 2
[  209.907515][ T6854] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  210.557267][ T8540] batadv1: entered allmulticast mode
[  210.599969][ T8540] 8021q: adding VLAN 0 to HW filter on device batadv1
[  210.607713][ T8540] bridge0: port 3(batadv1) entered blocking state
[  210.668997][ T8540] bridge0: port 3(batadv1) entered disabled state
[  210.706789][ T8540] batadv1: entered promiscuous mode
[  210.756576][ T8540] bridge0: port 3(batadv1) entered blocking state
[  210.763275][ T8540] bridge0: port 3(batadv1) entered forwarding state
[  211.077647][ T1128] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  211.087267][ T1128] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  211.327525][ T8554] netlink: 60 bytes leftover after parsing attributes in process `syz.0.898'.
[  211.637660][ T8560] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  211.879511][ T8570] netlink: 28 bytes leftover after parsing attributes in process `syz.1.907'.
[  211.905175][ T8570] netlink: 28 bytes leftover after parsing attributes in process `syz.1.907'.
[  211.985719][ T8570] gretap0: entered promiscuous mode
[  211.994003][ T8570] batadv_slave_1: entered promiscuous mode
[  212.077241][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.908'.
[  212.090735][ T5104] Bluetooth: hci1: command 0x0406 tx timeout
[  212.205114][ T8578] loop3: detected capacity change from 0 to 256
[  212.431509][ T8584] loop4: detected capacity change from 0 to 64
[  212.498679][   T27] audit: type=1800 audit(1760065162.453:67): pid=8584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.913" name="bus" dev="loop4" ino=21 res=0 errno=0
[  212.546348][   T27] audit: type=1804 audit(1760065162.463:68): pid=8584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.913" name="/newroot/106/file0/bus" dev="loop4" ino=21 res=1 errno=0
[  212.848719][ T3062] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  213.068741][ T3062] usb 1-1: Using ep0 maxpacket: 32
[  213.073909][ T8586] loop3: detected capacity change from 0 to 32768
[  213.103523][ T8586] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.914 (8586)
[  213.116145][ T3062] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  213.128727][ T3062] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.155599][ T3062] usb 1-1: config 0 descriptor??
[  213.156445][ T8586] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  213.177473][ T3062] gspca_main: nw80x-2.14.0 probing 055f:d001
[  213.216903][ T8586] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  213.248941][ T8586] BTRFS info (device loop3): force zlib compression, level 3
[  213.256410][ T8586] BTRFS info (device loop3): force clearing of disk cache
[  213.298440][ T8586] BTRFS info (device loop3): setting nodatasum
[  213.322114][ T8586] BTRFS info (device loop3): allowing degraded mounts
[  213.340344][ T8582] loop1: detected capacity change from 0 to 40427
[  213.345885][ T8586] BTRFS info (device loop3): enabling disk space caching
[  213.379244][ T8582] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  213.387018][ T8582] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  213.392940][ T8586] BTRFS info (device loop3): disk space caching is enabled
[  213.432654][ T8582] F2FS-fs (loop1): invalid crc value
[  213.489543][ T8582] F2FS-fs (loop1): Found nat_bits in checkpoint
[  213.612274][ T8586] BTRFS info (device loop3): auto enabling async discard
[  213.662350][ T8586] BTRFS info (device loop3): rebuilding free space tree
[  213.709654][ T8586] BTRFS info (device loop3): disabling free space tree
[  213.716667][ T8586] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  213.738215][ T8586] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  213.776909][ T8582] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  213.785694][ T8582] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  213.815754][    T8] usb 1-1: USB disconnect, device number 13
[  213.866002][ T8590] loop4: detected capacity change from 0 to 40427
[  213.893789][ T8582] syz.1.912: attempt to access beyond end of device
[  213.893789][ T8582] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[  213.913668][ T8582] syz.1.912: attempt to access beyond end of device
[  213.913668][ T8582] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[  213.941381][ T8590] F2FS-fs (loop4): invalid crc value
[  213.970210][ T8590] F2FS-fs (loop4): Found nat_bits in checkpoint
[  214.008459][ T8586] BTRFS info (device loop3): balance: start -sdrange=128..234881024,vrange=18446744073709551614..18446744073709551613,limit=9223372036854775807,limit=4294967295..2147483647
[  214.027118][ T8582] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5
[  214.061981][ T8582] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5
[  214.065312][ T8586] BTRFS info (device loop3): balance: ended with status: 0
[  214.179042][ T8590] F2FS-fs (loop4): Start checkpoint disabled!
[  214.212465][ T8590] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  214.273052][ T5795] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  214.605081][   T42] kworker/u4:2: attempt to access beyond end of device
[  214.605081][   T42] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  214.619918][   T42] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  214.634331][   T42] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  214.975277][ T6209] ==================================================================
[  214.983414][ T6209] BUG: KASAN: slab-use-after-free in __mutex_lock+0x6cb/0xcc0
[  214.990928][ T6209] Read of size 8 at addr ffff88807eeb00a0 by task khidpd_16bf5505/6209
[  214.999277][ T6209] 
[  215.001648][ T6209] CPU: 1 PID: 6209 Comm: khidpd_16bf5505 Not tainted syzkaller #0
[  215.009806][ T6209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  215.019884][ T6209] Call Trace:
[  215.023193][ T6209]  <TASK>
[  215.026141][ T6209]  dump_stack_lvl+0x16c/0x230
[  215.030837][ T6209]  ? __lock_acquire+0x7c80/0x7c80
[  215.035879][ T6209]  ? show_regs_print_info+0x20/0x20
[  215.041461][ T6209]  ? load_image+0x3b0/0x3b0
[  215.045983][ T6209]  ? __virt_addr_valid+0x469/0x540
[  215.051117][ T6209]  print_report+0xac/0x220
[  215.055549][ T6209]  ? __mutex_lock+0x6cb/0xcc0
[  215.060251][ T6209]  kasan_report+0x117/0x150
[  215.064786][ T6209]  ? __mutex_lock+0x6cb/0xcc0
[  215.069496][ T6209]  __mutex_lock+0x6cb/0xcc0
[  215.074024][ T6209]  ? __mutex_lock+0x4e8/0xcc0
[  215.078727][ T6209]  ? l2cap_unregister_user+0x6a/0x1a0
[  215.084124][ T6209]  ? mutex_lock_nested+0x20/0x20
[  215.089096][ T6209]  ? __wake_up+0x11f/0x190
[  215.093528][ T6209]  ? __wake_up_bit+0x1e0/0x1e0
[  215.098302][ T6209]  ? _raw_spin_unlock+0x40/0x40
[  215.103171][ T6209]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  215.109194][ T6209]  l2cap_unregister_user+0x6a/0x1a0
[  215.114427][ T6209]  hidp_session_thread+0x3c8/0x410
[  215.120299][ T6209]  ? hidp_session_get+0x80/0x80
[  215.125192][ T6209]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  215.131107][ T6209]  ? hidp_session_thread+0x410/0x410
[  215.136417][ T6209]  ? hidp_session_thread+0x410/0x410
[  215.141719][ T6209]  ? __kthread_parkme+0x7a/0x1c0
[  215.146673][ T6209]  ? __kthread_parkme+0x162/0x1c0
[  215.151717][ T6209]  kthread+0x2fa/0x390
[  215.155798][ T6209]  ? hidp_session_get+0x80/0x80
[  215.160674][ T6209]  ? kthread_blkcg+0xd0/0xd0
[  215.165271][ T6209]  ret_from_fork+0x48/0x80
[  215.169716][ T6209]  ? kthread_blkcg+0xd0/0xd0
[  215.174313][ T6209]  ret_from_fork_asm+0x11/0x20
[  215.179094][ T6209]  </TASK>
[  215.182174][ T6209] 
[  215.184512][ T6209] Allocated by task 5802:
[  215.188860][ T6209]  kasan_set_track+0x4e/0x70
[  215.193471][ T6209]  __kasan_kmalloc+0x8f/0xa0
[  215.198067][ T6209]  __kmalloc+0xb4/0x240
[  215.202237][ T6209]  hci_alloc_dev_priv+0x28/0x2040
[  215.207273][ T6209]  vhci_create_device+0x11b/0x650
[  215.212410][ T6209]  vhci_write+0x3b5/0x470
[  215.216752][ T6209]  vfs_write+0x43b/0x940
[  215.221008][ T6209]  ksys_write+0x147/0x250
[  215.225376][ T6209]  do_syscall_64+0x55/0xb0
[  215.229806][ T6209]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  215.235706][ T6209] 
[  215.238037][ T6209] Freed by task 5802:
[  215.242022][ T6209]  kasan_set_track+0x4e/0x70
[  215.246630][ T6209]  kasan_save_free_info+0x2e/0x50
[  215.251668][ T6209]  ____kasan_slab_free+0x126/0x1e0
[  215.256789][ T6209]  slab_free_freelist_hook+0x130/0x1b0
[  215.262284][ T6209]  __kmem_cache_free+0xba/0x1f0
[  215.267159][ T6209]  bt_host_release+0x82/0x90
[  215.271767][ T6209]  device_release+0x96/0x1c0
[  215.276372][ T6209]  kobject_put+0x221/0x470
[  215.280804][ T6209]  vhci_release+0x15d/0x1a0
[  215.285317][ T6209]  __fput+0x234/0x970
[  215.289316][ T6209]  task_work_run+0x1ce/0x250
[  215.293918][ T6209]  do_exit+0x90b/0x23c0
[  215.298085][ T6209]  do_group_exit+0x21b/0x2d0
[  215.302693][ T6209]  __x64_sys_exit_group+0x3f/0x40
[  215.307734][ T6209]  do_syscall_64+0x55/0xb0
[  215.312165][ T6209]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  215.318065][ T6209] 
[  215.320392][ T6209] Last potentially related work creation:
[  215.326137][ T6209]  kasan_save_stack+0x3e/0x60
[  215.330835][ T6209]  __kasan_record_aux_stack+0xaf/0xc0
[  215.336220][ T6209]  insert_work+0x3d/0x310
[  215.340562][ T6209]  __queue_work+0xd2c/0x1020
[  215.345161][ T6209]  queue_work_on+0x121/0x1e0
[  215.349765][ T6209]  process_scheduled_works+0xa45/0x15b0
[  215.355320][ T6209]  worker_thread+0xa55/0xfc0
[  215.359929][ T6209]  kthread+0x2fa/0x390
[  215.364005][ T6209]  ret_from_fork+0x48/0x80
[  215.368434][ T6209]  ret_from_fork_asm+0x11/0x20
[  215.373213][ T6209] 
[  215.375538][ T6209] Second to last potentially related work creation:
[  215.382148][ T6209]  kasan_save_stack+0x3e/0x60
[  215.386841][ T6209]  __kasan_record_aux_stack+0xaf/0xc0
[  215.392231][ T6209]  insert_work+0x3d/0x310
[  215.396573][ T6209]  __queue_work+0xc39/0x1020
[  215.401177][ T6209]  call_timer_fn+0x16e/0x530
[  215.405772][ T6209]  __run_timers+0x558/0x7d0
[  215.410278][ T6209]  run_timer_softirq+0x67/0xf0
[  215.415054][ T6209]  handle_softirqs+0x280/0x820
[  215.419853][ T6209]  __irq_exit_rcu+0xc7/0x190
[  215.424452][ T6209]  irq_exit_rcu+0x9/0x20
[  215.428707][ T6209]  sysvec_apic_timer_interrupt+0x56/0xc0
[  215.434363][ T6209]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  215.440353][ T6209] 
[  215.442680][ T6209] The buggy address belongs to the object at ffff88807eeb0000
[  215.442680][ T6209]  which belongs to the cache kmalloc-8k of size 8192
[  215.456748][ T6209] The buggy address is located 160 bytes inside of
[  215.456748][ T6209]  freed 8192-byte region [ffff88807eeb0000, ffff88807eeb2000)
[  215.470642][ T6209] 
[  215.472996][ T6209] The buggy address belongs to the physical page:
[  215.479419][ T6209] page:ffffea0001fbac00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eeb0
[  215.489604][ T6209] head:ffffea0001fbac00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  215.498561][ T6209] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  215.506994][ T6209] page_type: 0xffffffff()
[  215.511331][ T6209] raw: 00fff00000000840 ffff888017842280 ffffea0000977a00 dead000000000003
[  215.519928][ T6209] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  215.528517][ T6209] page dumped because: kasan: bad access detected
[  215.534936][ T6209] page_owner tracks the page as allocated
[  215.540656][ T6209] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5443, tgid 5443 (S40network), ts 53550525908, free_ts 53548278557
[  215.561089][ T6209]  post_alloc_hook+0x1cd/0x210
[  215.565878][ T6209]  get_page_from_freelist+0x195c/0x19f0
[  215.571472][ T6209]  __alloc_pages+0x1e3/0x460
[  215.576078][ T6209]  alloc_slab_page+0x5d/0x170
[  215.580794][ T6209]  new_slab+0x87/0x2e0
[  215.584880][ T6209]  ___slab_alloc+0xc6d/0x1300
[  215.589573][ T6209]  __kmem_cache_alloc_node+0x1a2/0x260
[  215.595045][ T6209]  kmalloc_trace+0x2a/0xe0
[  215.599476][ T6209]  tomoyo_init_log+0x1104/0x1f10
[  215.604426][ T6209]  tomoyo_supervisor+0x32d/0x1080
[  215.609511][ T6209]  tomoyo_env_perm+0x14a/0x1e0
[  215.614311][ T6209]  tomoyo_find_next_domain+0x1594/0x1a60
[  215.619979][ T6209]  tomoyo_bprm_check_security+0x116/0x170
[  215.625726][ T6209]  security_bprm_check+0x62/0xa0
[  215.630682][ T6209]  bprm_execve+0xa51/0x16f0
[  215.635201][ T6209]  do_execveat_common+0x51b/0x6c0
[  215.640256][ T6209] page last free stack trace:
[  215.644945][ T6209]  free_unref_page_prepare+0x7ce/0x8e0
[  215.650440][ T6209]  free_unref_page+0x32/0x2e0
[  215.655232][ T6209]  __unfreeze_partials+0x1cf/0x210
[  215.660370][ T6209]  put_cpu_partial+0x17c/0x250
[  215.665151][ T6209]  __slab_free+0x31d/0x410
[  215.669583][ T6209]  qlist_free_all+0x75/0xe0
[  215.674099][ T6209]  kasan_quarantine_reduce+0x143/0x160
[  215.679584][ T6209]  __kasan_slab_alloc+0x22/0x80
[  215.684452][ T6209]  slab_post_alloc_hook+0x6e/0x4d0
[  215.689594][ T6209]  __kmem_cache_alloc_node+0x13e/0x260
[  215.695069][ T6209]  __kmalloc+0xa4/0x240
[  215.699244][ T6209]  tomoyo_supervisor+0xb70/0x1080
[  215.704278][ T6209]  tomoyo_env_perm+0x14a/0x1e0
[  215.709068][ T6209]  tomoyo_find_next_domain+0x1594/0x1a60
[  215.714712][ T6209]  tomoyo_bprm_check_security+0x116/0x170
[  215.720448][ T6209]  security_bprm_check+0x62/0xa0
[  215.725400][ T6209] 
[  215.727727][ T6209] Memory state around the buggy address:
[  215.733365][ T6209]  ffff88807eeaff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  215.741435][ T6209]  ffff88807eeb0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  215.749502][ T6209] >ffff88807eeb0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  215.757566][ T6209]                                ^
[  215.762708][ T6209]  ffff88807eeb0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  215.770782][ T6209]  ffff88807eeb0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  215.778856][ T6209] ==================================================================
[  215.791729][ T6209] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  215.798984][ T6209] CPU: 1 PID: 6209 Comm: khidpd_16bf5505 Not tainted syzkaller #0
[  215.806823][ T6209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  215.816906][ T6209] Call Trace:
[  215.820216][ T6209]  <TASK>
[  215.823174][ T6209]  dump_stack_lvl+0x16c/0x230
[  215.827890][ T6209]  ? show_regs_print_info+0x20/0x20
[  215.833195][ T6209]  ? load_image+0x3b0/0x3b0
[  215.837735][ T6209]  panic+0x2c0/0x710
[  215.841662][ T6209]  ? bpf_jit_dump+0xd0/0xd0
[  215.846204][ T6209]  ? _raw_spin_unlock_irqrestore+0xa9/0x110
[  215.852146][ T6209]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  215.858085][ T6209]  ? _raw_spin_unlock+0x40/0x40
[  215.862975][ T6209]  ? print_memory_metadata+0x314/0x400
[  215.868475][ T6209]  ? __mutex_lock+0x6cb/0xcc0
[  215.873196][ T6209]  check_panic_on_warn+0x84/0xa0
[  215.878185][ T6209]  ? __mutex_lock+0x6cb/0xcc0
[  215.882889][ T6209]  end_report+0x6f/0x140
[  215.887147][ T6209]  kasan_report+0x128/0x150
[  215.891663][ T6209]  ? __mutex_lock+0x6cb/0xcc0
[  215.896358][ T6209]  __mutex_lock+0x6cb/0xcc0
[  215.900878][ T6209]  ? __mutex_lock+0x4e8/0xcc0
[  215.905569][ T6209]  ? l2cap_unregister_user+0x6a/0x1a0
[  215.910966][ T6209]  ? mutex_lock_nested+0x20/0x20
[  215.915927][ T6209]  ? __wake_up+0x11f/0x190
[  215.920358][ T6209]  ? __wake_up_bit+0x1e0/0x1e0
[  215.925158][ T6209]  ? _raw_spin_unlock+0x40/0x40
[  215.930066][ T6209]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  215.936068][ T6209]  l2cap_unregister_user+0x6a/0x1a0
[  215.941298][ T6209]  hidp_session_thread+0x3c8/0x410
[  215.946431][ T6209]  ? hidp_session_get+0x80/0x80
[  215.951306][ T6209]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  215.957473][ T6209]  ? hidp_session_thread+0x410/0x410
[  215.962779][ T6209]  ? hidp_session_thread+0x410/0x410
[  215.968118][ T6209]  ? __kthread_parkme+0x7a/0x1c0
[  215.973082][ T6209]  ? __kthread_parkme+0x162/0x1c0
[  215.978127][ T6209]  kthread+0x2fa/0x390
[  215.982205][ T6209]  ? hidp_session_get+0x80/0x80
[  215.987074][ T6209]  ? kthread_blkcg+0xd0/0xd0
[  215.991674][ T6209]  ret_from_fork+0x48/0x80
[  215.996104][ T6209]  ? kthread_blkcg+0xd0/0xd0
[  216.000835][ T6209]  ret_from_fork_asm+0x11/0x20
[  216.005622][ T6209]  </TASK>
[  216.008893][ T6209] Kernel Offset: disabled
[  216.013225][ T6209] Rebooting in 86400 seconds..